Oltmans wrote:
I'm writing a program in which I will ask users to enter user name and
password once only. It's a console based program that will run on
Windows XP. Actually, I'm trying to provide functionality similar to
the "Remember me" thing in browsers. For that, I will need to store
user name and passwords on the disk. I don't have a background in
Crypto so how do you suggest I do that? What algorithms shall I be
using? Moreover, I cannot use a whole library to do that due to
certain issues. However, I can use like 1-2 files that will be
shipped along with the main script. Any ideas? Any help will be really
appreciated. Thanks.

There is a pure Python implementation of Blowfish out there. Google will help you. I can't remember which, if any, types of block chaining it supports. In some cases, it is important to use a block chaining protocol, but for passwords with high entropy (i.e. good passwords), block chaining is not really necessary.

256 bit Blowfish or AES are adequate for storage of sensitive passwords. You would be well advised to read a manual like Schneier before you use cryptography for sensitive applications. Pitfalls exist even when you use a strong algorithm and think you know what you are doing. Stay away from stream ciphers. They are easy to screw up.

Don't attempt to use DES, etc., for this either; they are not secure enough. Don't pretend that you can invent your own cipher either just in case the thought might cross your mind. Google "adacrypt" for some hilarity in this area.

If you check out sf.passerby.net and download the source, you will see a pure Python module in there called jenncrypt which can help with buffering and has minimal fileIO type emulation for block ciphers, which you will appreciate when you try to use your block cipher for plaintexts of irregular sizes.

James
--
http://mail.python.org/mailman/listinfo/python-list
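
What the reply means by block chaining and by plaintexts of irregular sizes, as an added example that is not from the thread or from jenncrypt: PKCS#7 padding with ECB (no chaining) and CBC (chaining) modes, standard library only. `encrypt_block` is a hash-based stand-in so the mode code has something to call; it is not a real cipher, and a vetted AES or Blowfish block function takes its place in practice. `KEY` and `SECRET` are constructed sample values.

```python
import hashlib, hmac, os

BLOCK = 16  # block size in bytes, as in AES
KEY = hashlib.sha256(b"constructed demo key").digest()
SECRET = b"alice:correct horse battery staple"  # constructed, 34 bytes

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, i, half):  # Feistel round function for the stand-in below
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]

def encrypt_block(key, blk, rounds=range(4)):
    # Stand-in keyed 16-byte permutation, NOT a real cipher: swap in AES/Blowfish.
    l, r = blk[:8], blk[8:]
    for i in rounds:
        l, r = r, _xor(l, _f(key, i, r))
    return r + l

def decrypt_block(key, blk):  # same network, round order reversed
    return encrypt_block(key, blk, reversed(range(4)))

def pad(data):  # PKCS#7: always adds 1..16 bytes, each equal to the pad length
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def unpad(data):
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or len(data) % BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]

def _blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, plaintext):  # no chaining: blocks encrypted independently
    return b"".join(encrypt_block(key, b) for b in _blocks(pad(plaintext)))

def cbc_encrypt(key, plaintext, iv=None):
    prev = iv or os.urandom(BLOCK)  # fresh random IV per record
    out = [prev]
    for b in _blocks(pad(plaintext)):
        prev = encrypt_block(key, _xor(b, prev))  # chain on previous ciphertext
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, data):
    bs = _blocks(data)  # bs[0] is the IV
    return unpad(b"".join(_xor(decrypt_block(key, c), p) for p, c in zip(bs, bs[1:])))
```

Encrypting the same record twice gives identical ECB output but different CBC output, so only the unchained form reveals that two stored secrets are equal. CBC on its own does not detect modification of the stored file.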
