James Stroud wrote:
> Oltmans wrote:
>> I'm writing a program in which I will ask users to enter user name and
>> password once only. It's a console based program that will run on
>> Windows XP. Actually, I'm trying to provide functionality similar to
>> the "Remember me" thing in browsers. For that, I will need to store
>> user name and passwords on the disk. I don't have a background in
>> Crypto so how do you suggest I do that? What algorithms shall I be
>> using? Moreover, I cannot use a whole library to do that due to
>> certain issues. However, I can use like 1--2 files that will be
>> shipped along with the main script. Any ideas? Any help will be really
>> appreciated. Thanks.
>
> There is a pure Python implementation of blowfish out there. Google will
> help you. I can't remember which, if any, types of block chaining it
> supports. In some cases, it is important to use a block chaining
> protocol, but for passwords with high entropy (i.e. good passwords), block
> chaining is not really necessary.
>
> 256-bit Blowfish or AES are adequate for storage of sensitive passwords.
> You would be well advised to read a manual like Schneier before you use
> cryptography for sensitive applications. Pitfalls exist even when you
> use a strong algorithm and think you know what you are doing. Stay away
> from stream ciphers. They are easy to screw up.
>
> Don't attempt to use DES, etc., for this either, they are not secure
> enough. Don't pretend that you can invent your own cipher either just in
> case the thought might cross your mind. Google "adacrypt" for some
> hilarity in this area.
>
> If you check out sf.passerby.net and download the source, you will see a
> pure Python module in there called jenncrypt which can help with
> buffering and has minimal fileIO type emulation for block ciphers, which
> you will appreciate when you try to use your block cipher for plaintexts
> of irregular sizes.
>
> James

Before anyone jumps me, I just realized the point is authentication. Use
a hash as others have suggested.

James
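
The "use a hash" advice above, as an added example that is not part of the original thread: a salted, deliberately slow PBKDF2-HMAC-SHA256 verifier built only from the Python 3 standard library, so nothing beyond the script itself has to ship. The function names, the `$`-separated record format and the iteration count are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import os

# Assumed parameters for this example; raise ITERATIONS as hardware allows.
ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000
SALT_BYTES = 16


def make_record(password: str, iterations: int = ITERATIONS) -> str:
    """Return a one-line text record that is safe to write to disk.

    The record holds the salt and the derived key, never the password.
    """
    salt = os.urandom(SALT_BYTES)  # fresh random salt for every record
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations
    )
    return "$".join([
        ALGORITHM,
        str(iterations),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def verify(password: str, record: str) -> bool:
    """Check a password against a stored record; malformed records fail closed."""
    try:
        algorithm, iterations_s, salt_b64, digest_b64 = record.strip().split("$")
        iterations = int(iterations_s)
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
    except ValueError:  # wrong field count, bad integer, or bad base64
        return False
    if algorithm != ALGORITHM or iterations < 1 or not expected:
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations
    )
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, expected)
```

A record like this lets the program check a password without being able to recover it, which fits the authentication case; it does not help if the program must later replay the original password to another service.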