tags:

views:

88

answers:

3
Q: 

encrypting passwords in a python conf file on a windows platform

Hello all. I have a script running on a remote machine. db info is stored in a configuration file. I want to be able to encrypt the password in the conf text so that no one can just read the file and gain access to the database. This is my current set up:

My conf file sensitive info is encoded with base64 module. The main script then decodes the info. I have compiled the script using py2exe to make it a bit harder to see the code. My question is:

Is there a better way of doing this? I know that base64 is not a very safe way of encrypting. Is there a way to encode using a key? I also know that py2exe can be reversed engineered very easily and the key could be found. Any other thoughts?

I am also running this script on a windows machine, so any modules that are suggested should be able to run in a windows environment with ease. I know there are several other posts on this topic but I have not found one with a windows solution, or at least one that is will explained.

A: 

If you want to be able to get back the password (instead you should hash it), you could always salt it for extra measures. But that wouldn't be much help if the user can get the salt out of the executable.

Really the best way would be to not let them access the database at all. Use a web service or a server on your DB machine.

Moox  2010-06-09 12:19:10
A: 

Use the sha module with sha256. Generate a random per record key, that is also saved in the db with the password. With that also, use a unique identifier for hashing.

from hashlib import sha256
from random import random
random_key = random()
sha256('%s%s%s'%('YOR KEY',random_key,password))
Lakshman Prasad  2010-06-09 12:24:19
To add a *slight* increase in security, you could use add machine-specific value to the password such as the Windows system SID, CPU ID, etc and use the resulting hash as the SHA key. This would safeguard against the encrypted file being simply copied off the machine but wouldn't do much against a determined attacker that can run code on the hosting machine.
Rakis  2010-06-09 12:39:26
A: 

Honestly I would use some other back-end. AxCrypt has command line switches. You can then easily write a wrapper in Python (if you don't want to use AxCrypt itself).

Of course if you want a fairly simple way that may be more secure if applied properly, you can use XOR encryption - it's really easy to do such a thing with Python. Just make sure to take into account the weaknesses and strengths. But if you're confident enough that you can make a secure(??) key, it might work for you.

However, the AxCrypt solution is probably just as easy and likely to be stronger. Just keep in mind that nothing is really unbreakable, it's really a question of how long it will take them to break it.

Wayne Werner  2010-06-09 12:38:56

related questions

Verifying files for testing
How do you create your own moniker (URL Protocol) on Windows systems?
Windows Equivalent of 'nice'
Is this a good way to determine OS Architecture?
Dual vs. Quadcore on a Webserver
Is there a WMI Redistributable Package?
PHP Error - Uploading a file
Ruby On Rails with Windows Vista - Best Setup?
OpenVPN Config file to prevent timeout
How can I create Debian install packages in Windows for a Visual Studio project?
How do I configure and communicate with a serial port?
What's the best setup for Mono development on Windows?
Appropriate pagefile size for SQL Server
XML Editing/Viewing Software
Linux shell equivalent on IIS
What is a better file copy alternative than the Windows default?
Windows Help files - what are the options?
Heap corruption under Win32; how to locate?
Best way to access Exchange using PHP?
Get a preview jpeg of a pdf on windows?
WinForms ComboBox data binding gotcha
How do you schedule tasks in Windows?
Register Windows program with the mailto protocol programmatically
Embedding Windows Media Player for all Browsers
Best Subversion clients for Windows Vista (64bit)