views: 88

answers: 3

Hello all. I have a script running on a remote machine. db info is stored in a configuration file. I want to be able to encrypt the password in the conf text so that no one can just read the file and gain access to the database. This is my current setup:

My conf file sensitive info is encoded with the base64 module. The main script then decodes the info. I have compiled the script using py2exe to make it a bit harder to see the code. My question is:

Is there a better way of doing this? I know that base64 is not a very safe way of encrypting. Is there a way to encode using a key? I also know that py2exe can be reverse engineered very easily and the key could be found. Any other thoughts?

I am also running this script on a Windows machine, so any modules that are suggested should be able to run in a Windows environment with ease. I know there are several other posts on this topic but I have not found one with a Windows solution, or at least one that is well explained.

A: 

If you want to be able to get back the password (instead you should hash it), you could always salt it for extra measures. But that wouldn't be much help if the user can get the salt out of the executable.

Really the best way would be to not let them access the database at all. Use a web service or a server on your DB machine.

Moox
A: 

Use the sha module with sha256. Generate a random per record key, that is also saved in the db with the password. With that also, use a unique identifier for hashing.

from hashlib import sha256
from secrets import token_hex  # random.random() is not a CSPRNG; keys come from secrets

password = 'example-password'  # the plaintext to protect (placeholder)
random_key = token_hex(16)     # per-record random key, stored in the db next to the hash
# Python 3: hash input must be bytes, so encode the concatenated string
digest = sha256(('%s%s%s' % ('YOUR KEY', random_key, password)).encode()).hexdigest()
Lakshman Prasad
To add a *slight* increase in security, you could add a machine-specific value to the password such as the Windows system SID, CPU ID, etc. and use the resulting hash as the SHA key. This would safeguard against the encrypted file being simply copied off the machine but wouldn't do much against a determined attacker that can run code on the hosting machine.
Rakis
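The per-record salted SHA-256 scheme from this answer, together with the machine-specific value from the comment, worked into a store/verify pair. This is an added example, not code from either poster; the names make_record, verify, SITE_KEY and the sample SID-like string are assumptions, and the scheme only fits the case where the password needs to be checked rather than recovered.

```python
import hashlib
import hmac
import secrets

# Site-wide secret ("YOUR KEY" in the answer above). Assumed to be loaded from
# somewhere other than the config file it is meant to protect.
SITE_KEY = 'YOUR KEY'


def make_record(password, machine_id=''):
    """Return (per_record_key, hex digest) to store alongside the record.

    The per-record key comes from secrets, not random.random(), because the
    latter is not a cryptographically secure generator. machine_id is the
    optional machine-specific value (SID, CPU ID) from the comment; folding it
    into the hash means a record copied off the machine will not verify there.
    """
    random_key = secrets.token_hex(16)
    material = f'{SITE_KEY}{machine_id}{random_key}{password}'.encode()
    digest = hashlib.sha256(material).hexdigest()
    return random_key, digest


def verify(password, random_key, digest, machine_id=''):
    """Recompute the digest with the stored per-record key and compare it
    in constant time so the comparison does not leak how many bytes matched."""
    material = f'{SITE_KEY}{machine_id}{random_key}{password}'.encode()
    candidate = hashlib.sha256(material).hexdigest()
    return hmac.compare_digest(candidate, digest)


if __name__ == '__main__':
    # Constructed sample values; the SID-like string is a placeholder, not a real one.
    key, dig = make_record('hunter2', machine_id='S-1-5-21-example')
    print(key, dig)
    print(verify('hunter2', key, dig, machine_id='S-1-5-21-example'))  # True
    print(verify('hunter2', key, dig))  # False: machine value differs
```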
A: 

Honestly I would use some other back-end. AxCrypt has command line switches. You can then easily write a wrapper in Python (if you don't want to use AxCrypt itself).

Of course if you want a fairly simple way that may be more secure if applied properly, you can use XOR encryption - it's really easy to do such a thing with Python. Just make sure to take into account the weaknesses and strengths. But if you're confident enough that you can make a secure(??) key, it might work for you.

However, the AxCrypt solution is probably just as easy and likely to be stronger. Just keep in mind that nothing is really unbreakable, it's really a question of how long it will take them to break it.

Wayne Werner