How to store passwords?

Oltmans

I'm writing a program in which I will ask users to enter user name and
password once only. It's a console based program that will run on
Windows XP. Actually, I'm trying to provide the similar functionality
as "Remember me" thing in browsers. For that, I will need to store
user name and passwords on the disk. I don't have a background in
Crypto so how do you suggest I do that? What algorithms shall I be
using? Moreover, I cannot use a whole library to do that due to
certain issues. However, I can use like 1--2 files that will be
shipped along with the main script. Any ideas? Any help will be really
appreciated. Thanks.
 
Oltmans

In general you don't store the password, but a "hash" of it. Then when
the user logs in, you hash it and compare the result with the stored
hash.
About hash, use sha, look here: http://docs.python.org/library/hashlib.html#module-hashlib

But the thing is that I will ask the user for user name and password
only once i.e. when they start the application for the first time.
After that, I'm not supposed to ask the user name and password again.
So in this scenario, if I store a hash on the disk I cannot retrieve
plain-text string back from my hash as I've to send user name and
password to the server in plain-text.
 
James Stroud

Oltmans said:
I'm writing a program in which I will ask users to enter user name and
password once only. It's a console based program that will run on
Windows XP. Actually, I'm trying to provide the similar functionality
as "Remember me" thing in browsers. For that, I will need to store
user name and passwords on the disk. I don't have a background in
Crypto so how do you suggest I do that? What algorithms shall I be
using? Moreover, I cannot use a whole library to do that due to
certain issues. However, I can use like 1--2 files that will be
shipped along with the main script. Any ideas? Any help will be really
appreciated. Thanks.

There is a pure python implementation of blowfish out there. Google will
help you. I can't remember which, if any, types of block chaining it
supports. In some cases, it is important to use a block chaining
protocol, but for passwords with high entropy (ie good passwords), block
chaining is not really necessary.

256 bit Blowfish or AES are adequate for storage of sensitive passwords.
You would be well advised to read a manual like Schneier before you use
cryptography for sensitive applications. Pitfalls exist even when you
use a strong algorithm and think you know what you are doing. Stay away
from stream ciphers. They are easy to screw up.

Don't attempt to use DES, etc., for this either, they are not secure
enough. Don't pretend that you can invent your own cipher either just in
case the thought might cross your mind. Google "adacrypt" for some
hilarity in this area.

If you check out sf.passerby.net and download the source, you will see a
pure python module in there called jenncrypt which can help with
buffering and has minimal fileIO type emulation for block ciphers, which
you will appreciate when you try to use your block cipher for plaintexts
of irregular sizes.

James
 
James Stroud

James said:
There is a pure python implementation of blowfish out there. Google will
help you. I can't remember which, if any, types of block chaining it
supports. In some cases, it is important to use a block chaining
protocol, but for passwords with high entropy (ie good passwords), block
chaining is not really necessary.

256 bit Blowfish or AES are adequate for storage of sensitive passwords.
You would be well advised to read a manual like Schneier before you use
cryptography for sensitive applications. Pitfalls exist even when you
use a strong algorithm and think you know what you are doing. Stay away
from stream ciphers. They are easy to screw up.

Don't attempt to use DES, etc., for this either, they are not secure
enough. Don't pretend that you can invent your own cipher either just in
case the thought might cross your mind. Google "adacrypt" for some
hilarity in this area.

If you check out sf.passerby.net and download the source, you will see a
pure python module in there called jenncrypt which can help with
buffering and has minimal fileIO type emulation for block ciphers, which
you will appreciate when you try to use your block cipher for plaintexts
of irregular sizes.

James

Before anyone jumps me, I just realized the point is authentication. Use
a hash as others have suggested.

James
 
MRAB

Oltmans said:
But the thing is that I will ask the user for user name and password
only once i.e. when they start the application for the first time.
After that, I'm not supposed to ask the user name and password again.
So in this scenario, if I store a hash on the disk I cannot retrieve
plain-text string back from my hash as I've to send user name and
password to the server in plain-text.

Is the application itself password-protected? If not, then there's no
point in encrypting the username and password for the server in a file
because anyone could just run the application after the first time and
use it to access the server.
 
Martin v. Löwis

I'm writing a program in which I will ask users to enter user name and
password once only. It's a console based program that will run on
Windows XP. Actually, I'm trying to provide the similar functionality
as "Remember me" thing in browsers. For that, I will need to store
user name and passwords on the disk. I don't have a background in
Crypto so how do you suggest I do that?

Here is how the "Remember me" thing in browsers works:

1. The user *has* to pick a "master password". It can't work
without (ignoring smartcards etc.).
2. the browser uses the master password to encrypt the many
individual passwords that the user needs.
3. when the user navigates to a password protected site, the
browser checks whether it has a cached password, and uses
the master password to restore the encrypted site password.

In interaction, several cases can occur

A1. site never seen, no master password entered
    - ask user for site password, and whether to
      store password
    - ask user for master password
    - encrypt site password, and store on disk
    - remember master password in memory
A2. site seen before, no master password entered
    - ask for master password, then continue with B2
B1. site never seen, master password entered
    - ask user for site password, and whether to store it
    - (if store) encrypt site password, store on disk
B2. site seen before, master password entered
    - load encrypted password from disk, decrypt with
      master password, send to site

The "encrypt" and "decrypt" operations are "symmetric",
so what you need is a symmetric encryption algorithm.

If you absolutely cannot accept additional algorithms,
you can implement XOR password encryption yourself:
Compute, letter-for-letter, the exclusive or of the
site password and the master password; if you run out
of master password letters, start over with the first
one. Notice that this algorithm is very poor, and can
be cracked by a crypto expert easily, given a few
encrypted passwords.

If you want a good algorithm, you might choose AES,
with pure-Python implementations available here:

http://bitconjurer.org/rijndael.py

A simpler, yet supposedly secure algorithm is TEA:

http://mail.python.org/pipermail/python-list/2002-August/159138.html

Regards,
Martin
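
The XOR scheme and the four interaction cases from the post above, as an added example that is not part of the original thread: it implements the repeating-key XOR exactly as described and checks two properties that explain why the post calls the algorithm very poor. The `Vault` class, site names and passwords are constructed for illustration.

```python
# Added example: repeating-key XOR as described in the post, plus what it leaks.
from itertools import cycle

def xor_crypt(data: bytes, master: bytes) -> bytes:
    """XOR each byte of data with the master password, starting over at the
    first byte when the master password runs out. Encrypt == decrypt."""
    if not master:
        raise ValueError("master password must not be empty")
    return bytes(d ^ k for d, k in zip(data, cycle(master)))

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings over their common length."""
    return bytes(x ^ y for x, y in zip(a, b))

class Vault:
    """Hypothetical in-memory model of cases A1/A2/B1/B2."""
    def __init__(self):
        self.disk = {}       # site -> encrypted password (stands in for a file)
        self.master = None   # master password, held in memory only

    def unlock(self, master: bytes):
        self.master = master

    def store(self, site: str, password: bytes):   # cases A1 / B1
        if self.master is None:
            raise PermissionError("master password not entered")
        self.disk[site] = xor_crypt(password, self.master)

    def fetch(self, site: str) -> bytes:            # cases A2 / B2
        if self.master is None:
            raise PermissionError("master password not entered")
        return xor_crypt(self.disk[site], self.master)

def demo():
    # Constructed sample values, not real credentials.
    p1, p2 = b"correct-horse", b"battery-staple"
    v = Vault()
    v.unlock(b"hunter2")
    v.store("mail.example", p1)
    v.store("shop.example", p2)
    c1, c2 = v.disk["mail.example"], v.disk["shop.example"]
    # Property 1: XOR of two stored blobs equals XOR of the two passwords,
    # so the master password protects nothing about their relationship.
    key_cancels = xor_bytes(c1, c2) == xor_bytes(p1, p2)
    # Property 2: one known stored password exposes the master password bytes.
    exposed = xor_bytes(c1, p1)
    return v.fetch("mail.example"), key_cancels, exposed
```

Both properties hold for any repeating-key XOR, which is why the post points to AES or TEA instead.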
 
News123

Oltmans said:
I'm writing a program in which I will ask users to enter user name and
password once only. It's a console based program that will run on
Windows XP. Actually, I'm trying to provide the similar functionality
as "Remember me" thing in browsers. For that, I will need to store
user name and passwords on the disk. I don't have a background in
Crypto so how do you suggest I do that? What algorithms shall I be
using? Moreover, I cannot use a whole library to do that due to
certain issues. However, I can use like 1--2 files that will be
shipped along with the main script. Any ideas? Any help will be really
appreciated. Thanks.

If you have to store user name and password in order to send them at a
later time to another application, then there is really no point for
encryption.

If your script can read it, then anybody who can read your script (and
thus the encryption password) will be able to decrypt the username and
password.

One exception on linux: suid executables writing the password file with
restricted permissions, but then you rely on file system permissions and
not on passwords


Another exception would be if
- you start your python script
- you enter a password interactively
- the user then switches over and enters his username and password,
which you encrypt with your interactive pwd

Later on you could
- start your script
- enter your interactive password
- read the encrypted user name / passwords from a file and send them
over the network.



Perhaps it would be best if you explain EXACTLY, what you would like to
achieve and who trusts whom, whom you want to hide the passwords from,
etc .



bye


N
 
Rhodri James

But the thing is that I will ask the user for user name and password
only once i.e. when they start the application for the first time.
After that, I'm not supposed to ask the user name and password again.
So in this scenario, if I store a hash on the disk I cannot retrieve
plain-text string back from my hash as I've to send user name and
password to the server in plain-text.

The words "massive security hole" spring to mind. Does your server
really require you to reauthenticate so often? Can't you invoke
some kind of secured protocol instead?
 
