My python-script (Python 2.6, on Debian Linux) asks the user for a password, wich is then saved in the users home directory.
Because i don't want to safe the password as plain text, i want to encrypt it somehow. So i thought that maybe i could use the (private) ssh-key of the user to encrypt and decrypt the password thats saved in the file, so that only one with access to the private ssh key can decrypt the saved password.
Is it a good idea to use the private ssh key for this? How can i use the key to encrypt a string in python?
(btw i don't want to use keyring and stuff like that)
EDIT
Okay i understand its a bad idea to use the users ssh key for stuff like that.
Instead i'm now just using base64 encoding, like described here:
How does one encode and decode a string with Python for use in a URL?
of course its not save, when someone reads my python script. But its enough for me, not having to save the password as plain text.
The only thing that's definitely worth doing is storing the file that only the user can read.
Your argument for using the ssh key seems to be something like the following:
I need to store a password, so I'll encrypt it
If I use the user's ssh key to do the encryption this will prevent someone decrypting the password even if they have the source of my script because only the user can read their ssh key.
If you store the encrypted password in a file only the user can read you get the same benefit as using the ssh key without having to bother with reading the users ssh keys at all.
I agree there's some benefit to not storing the password in plain text to prevent someone logged in as root just doing:
cat secret-password
to get the password but remember it would be easy to find the line in your Python script which said:
password = decrypt-password(data)
and add the following line:
print "The user's password is",password
Something like os.fchown() would do the trick to protect the file, as would just creating the file with the correct permissions in the first place.
You could base64 encode the password so it is not plain text, but if we assume an attacker can read and edit your script the only thing which will protect the user is the attacker not being able to read the file containing the encrypted password.
If you're really worried about this, just prompt the user for the password each time they run the script.
Is it a good idea to use the private ssh key for this?
No:
The private key could be password protected itself.
It's poor form to go reading user's secret keys.
It can be changed without regard to your script.
You also seem to be mixing up your terminology. You've used encoding, decoding and hashing when I'd assume you'd mean encrypting and decrypting.
As Dave Webb points out, your premise that the private key file is read-only to the user and not itself encrypted. You'd be going from "protected by filesystem user-read-only" to "protected by a different file that is user-read-only".
Related
I'm making an application where there are user accounts in play.
All data of the user is encrypted using a key. This key is encrypted itself, using the hash of the user password. This means that when the user logs in with the correct password, the resulting hash will decrypt the key which can then be used to decrypt all other data of the user. The user password is the "gate" to all user data.
Forgetting their user password means losing their account. I want to implement a way to recover their account.
To recover their account, it needs to be possible to recover the decrypted key without storing it in decrypted form in the database and without encrypting it using a password. It needs to be recoverable using email recovery or something similar.
I haven't found a way to make this work and that's why I'm asking help. I don't need code (it's written in python though if you really want to); just pseudo-code about how one should go about implementing this is enough.
Basically, I have built a login system.
The first time that a user uses the login system, a text file is created and the username and password are saved there when the user uses a "remember password?" function.
The second time the software uses the system, the system already has the user and password typed in if the user previously used the "remember password?" function.
The thing is, the text file where the password and user are stored can be accessed by simply just going to folder and double clicking on it, which is awful for security reasons.
Is it possible to make it so that the text file can't be accessed outside the program?
It's not possible, as long as you are storing data on your disk, the data will always be readable.
Actuall when you uses .txt, it means that you want it to be readable to others. If you are looking for security, you have to encode your content(Account & Password) to something else that only your program can read.
something similar to chaning 'A' to 'B', '1' to '0', '0' to '7'.....
or another approach used by modern Login Sytem: Hashing your Password
Basically, there isn't a way to securely store a password in clear in a file in the file system.
You can arrange things so that a file can only be read by a specific account on the system. However, someone with admin privilege will (probably) be able to do things that will give themselves access. And there will most likely be other ways to break file system security in some circumstances.
The ideal solution is to NOT store the password. Even storing it encrypted with a private key is a bad idea.
Creating and storing a "salted hash" of a password can be secure ... provided that there is no way that a "bad guy" can capture the password characters before they have been hashed, but I don't think that is going to help you here ... since you apparently need to be able to recover the actual password.
Maybe the best approach would be to investigate "password safe" or "key chain" products that are provided by the client's OS or web browser. Unfortunately, this is going to be platform specific.
You could also just "hide" the file containing the password, or (reversibly) obscure the password. But this is insecure. It can easily be defeated by reverse engineering the steps that your code is taking to hide the password.
I need user_password plaintext using Django. I tried many ways to get plaintext in user_password. but It's not working. So, I analyzed how the Django user password is generated. it's using the make_password method in the Django core model. In this method generating the hashed code using( pbkdf2_sha256) algorthm. If any possible to decrypt the password.
Example:
pbkdf2_sha256$150000$O9hNDLwzBc7r$RzJPG76Vki36xEflUPKn37jYI3xRbbf6MTPrWbjFrgQ=
As you have already seen, Django uses hashing method like SHA256 in this case. Hashing mechanisms basically use lossy compression method, so there is no way to decrypt hashed messages as they are irreversible. Because it is not encryption and there is no backward method like decryption. It is safe to store password in the hashed form, as only creator of the password should know the original password and the backend system just compares the hashes.
This is normal situation for most backend frameworks. Because this is made for security reasons so far. Passwords are hashed and saved in the database so that even if the malicious user gets access to the database, he can't find usefull information there or it will be really hard to crack the hashes with some huge words dictionary.
I'm working on a python script that will need to connect to a postgreSQL server. What the best practice for the username and password? In this tutorial ZetCode is just using the username and password (if needed) in the code itself. Is this the right way or should there be some sort of hashed file to read from?
http://zetcode.com/db/postgresqlpythontutorial/
Store the username and password in a file, then restricting access to that file would be a good start.
Storing a hashed username or password won't work, because you cannot undo a hash function.
If you think that storing the username and password in plain text isn't secure enough in your situation, encrypt them. When the script starts, it asks for the passphrase. That passphrase is then hashed using PBKDF2 or scrypt. Use that hash as the key for encryption/decryption. See cryptographic right answers.
This does mean that your script needs operator input every time it starts!
I'm making a company back-end that should include a password-safe type feature. Obviously the passwords needs to be plain text so the users can read them, or at least "reversible" to plain text somehow, so I can't use hashes.
Is there anything more secure I can do than just placing the passwords in plain-text into the database?
Note: These are (mostly) auto-generated passwords that is never re-used for anything except the purpose they are saved for, which is mostly FTP server credentials.
You can use MySQL's ENCODE(), DES_ENCRYPT() or AES_ENCRYPT() functions, and store the keys used to encrypt in a secure location.
Use encryption. The passwords won't be in plain text so you'll have some security but it can be reversed.
The code in this answer should do the trick.