Re: Encrypt password within source code.

Discussion in 'Python' started by Chris Rebert, May 6, 2010.

  1. Chris Rebert

    Chris Rebert Guest

    On Wed, May 5, 2010 at 6:12 PM, Vincent Davis <> wrote:
    > I can't think of a way to do this, not sure it is possible but I feel as though I might not know what I don't know.
    > I want to share an example of a python script, to run it needs a google username and password. Is there a way for me to encrypt my username and password in the source code? I thought about openID but don't really know anything about it.


    Nope. What you're asking for is essentially a form of DRM by including
    the information in a way the program can use it but the user can't
    extract it; DRM schemes have been broken many times and the idea is
    flawed even in theory, for if a person has control of their computer
    (or in the limit case, at least physical access to its innards), they
    can just watch the computation (e.g. memory snoop) until the data gets
    converted to its plain form so the program can actually utilize it,
    and then bada-bing, they have your valuable data.

    Think of it this way. If you encrypted the information in your
    program, the program would need to be able to decrypt it later so it
    could actually use the login info. For it to be able to do that, you'd
    have to include the encryption key in plaintext somewhere in the
    program so it could pass it into the decryption algorithm. But then
    someone can put 2 and 2 together, see that "there's his key!", and
    decrypt your info using the key. So, to prevent this, the key *itself*
    would then have to be encrypted...by another key, which again would be
    stored in plaintext in your program somewhere, where someone could
    then find it and use it to decrypt the first key and then your data,
    so you use yet another key to encrypt that key...(as you can see, this
    goes on ad infinitum, and thus the whole scheme is doomed). See also
    section 1, "DRM Systems Don't Work", of
    http://changethis.com/manifesto/show/4.DRM

    You can alternatively just try to obfuscate it, but that's obviously
    not truly secure and is likewise easily circumvented.

    Just let the user input their own Google Account info. If you're
    trying to show an example that depends on your own exact account, just
    include a transcript of your terminal session (omitting your Google
    Account info obviously).

    Cheers,
    Chris
    --
    DRM is http://defectiveByDesign.org
    http://blog.rebertia.com
     
    Chris Rebert, May 6, 2010
    #1
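
The key regress described in the reply above, as an added Python example that is not part of the original post: however many key layers the script ships, a reader recovers the password from the shipped values alone, while prompting each user for their own credentials ships no secret at all. The XOR cipher is a toy stand-in for any symmetric cipher, and the sample password, the keys and the `EXAMPLE_USER` / `EXAMPLE_PASSWORD` variable names are constructed for illustration.

```python
import getpass
import os
from itertools import cycle

def xor(data: bytes, key: bytes) -> bytes:
    """Toy symmetric cipher (stand-in for any real one); encrypt == decrypt."""
    return bytes(d ^ k for d, k in zip(data, cycle(key)))

def build_shipped_script(password: bytes, keys: list[bytes]) -> dict:
    """Author side: encrypt the password with keys[0], wrap each key with the next.
    The last key has nothing left to protect it, so it ships in plaintext."""
    wrapped = [xor(keys[i], keys[i + 1]) for i in range(len(keys) - 1)]
    return {"blob": xor(password, keys[0]), "wrapped_keys": wrapped, "root_key": keys[-1]}

def recover_password(shipped: dict) -> bytes:
    """Reader side: uses only values present in the shipped script.
    This is the same unwrapping the script must do itself before it can log in."""
    key = shipped["root_key"]
    for wrapped in reversed(shipped["wrapped_keys"]):
        key = xor(wrapped, key)
    return xor(shipped["blob"], key)

def get_credentials(env=os.environ, ask=input, ask_secret=getpass.getpass):
    """The alternative from the post: ship no secret, each user supplies their own.
    EXAMPLE_USER / EXAMPLE_PASSWORD are hypothetical variable names."""
    user = env.get("EXAMPLE_USER") or ask("Username: ")
    password = env.get("EXAMPLE_PASSWORD") or ask_secret("Password: ")
    return user, password

# Constructed sample values, not real credentials.
SHIPPED = build_shipped_script(b"example-password", [b"key-one", b"key-two", b"key-three"])

if __name__ == "__main__":
    print(recover_password(SHIPPED))
```

Adding more keys to the list only lengthens the loop in `recover_password`; the root key is always in the shipped data.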