Securely store passwords for use in python script

Possible duplicate:
I need to safely store the username and password in Python, what are my options?

I am looking for a way to securely store passwords that I intend to use in some Python scripts. I will register in different things, and I do not want to store passwords as plaintext in the script itself.

Instead, I was wondering if there was anything that could safely store these passwords and then retrieve them using something like a master password, which I could enter into the script at the beginning.

+47
python security
Aug 20 '12 at 18:05
3 answers

Know the master key yourself. Do not try to do this.

Use py-bcrypt (bcrypt), a powerful hash method to generate a password yourself.

Basically you can do it (idea ...)

    import bcrypt
    from getpass import getpass

    # The bcrypt package works on bytes, so encode what getpass returns
    raw_password = getpass('password to store: ').encode()
    master_secret_key = getpass('tell me the master secret key you are going to use').encode()
    salt = bcrypt.gensalt()
    combo_password = raw_password + salt + master_secret_key
    hashed_password = bcrypt.hashpw(combo_password, salt)

Save the salt and hash the password somewhere, so whenever you need to use a password, you read the encrypted password and check the original password that you enter again.

This is basically how login should work these days.

+35
Aug 21 2018-12-12T00:

I usually have secrets.py, which is kept separate from my other Python scripts and is not versioned. Then, when necessary, you can do from secrets import <required_pwd_var>. Thus, you can rely on built-in file security on operating systems without inventing your own.

Using Base64 encoding / decoding is also another way to obfuscate a password, although not completely secure.

More info here: Hiding the password in python script (unsafe obfuscation)

+9
Aug 20 2018-12-18T00:

The secure way is to encrypt your sensitive data with AES, and the encryption key is derived using a password-based key derivation (PBE) function; the master password is used to encrypt / decrypt the encryption key for AES.

master password -> secure key -> encrypt data with the key

You can use pbkdf2

    from pbkdf2 import PBKDF2  # the module name is lowercase
    from Crypto.Cipher import AES
    import os

    salt = os.urandom(8)    # 64-bit salt
    key = PBKDF2("This passphrase is a secret.", salt).read(32)  # 256-bit key
    iv = os.urandom(16)     # 128-bit IV
    cipher = AES.new(key, AES.MODE_CBC, iv)

Be sure to save the salt / iv / passphrase and decrypt using the same salt / iv / passphrase.

WebLogic took a similar approach to protect passwords in configuration files.

+3
Aug 21 '12 at 1:30
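
The master-password-to-key-to-ciphertext flow described in the last answer, as an added example that is not part of any answer on this page. It assumes the `cryptography` package, and it swaps in AES-GCM for the answer's CBC mode and the standard library's `hashlib.pbkdf2_hmac` for the `pbkdf2` module, so that a wrong master password or an altered file is rejected instead of yielding garbage; the function names, JSON layout and iteration count are assumptions.

```python
import base64
import hashlib
import json
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor; tune to your hardware


def derive_key(master_password: str, salt: bytes, iterations: int) -> bytes:
    """Stretch the master password into a 256-bit AES key."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt,
                               iterations, dklen=32)


def seal(entries: dict, master_password: str, iterations: int = ITERATIONS) -> str:
    """Encrypt a dict of stored passwords into a JSON document for disk."""
    salt = os.urandom(16)   # not secret; fresh for every save
    nonce = os.urandom(12)  # must never repeat under the same key
    key = derive_key(master_password, salt, iterations)
    ct = AESGCM(key).encrypt(nonce, json.dumps(entries).encode(), None)
    b64 = lambda raw: base64.b64encode(raw).decode()
    return json.dumps({"iter": iterations, "salt": b64(salt),
                       "nonce": b64(nonce), "ct": b64(ct)})


def unseal(document: str, master_password: str) -> dict:
    """Decrypt a sealed document; fails on a wrong password or any tampering."""
    blob = json.loads(document)
    salt, nonce, ct = (base64.b64decode(blob[k]) for k in ("salt", "nonce", "ct"))
    key = derive_key(master_password, salt, int(blob["iter"]))
    try:
        return json.loads(AESGCM(key).decrypt(nonce, ct, None))
    except InvalidTag:
        raise ValueError("wrong master password or modified vault") from None


if __name__ == "__main__":
    from getpass import getpass
    # Constructed sample entry; real entries would be entered once, not hard-coded.
    vault = seal({"ftp.example.org": "constructed-sample-pw"}, getpass("Set master: "))
    print(vault)  # only ciphertext and KDF parameters, safe to write to a file
    print(unseal(vault, getpass("Master again: ")))
```

Only the salt, nonce, iteration count and ciphertext are written out; the master password and the derived key exist in memory only while the script runs.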