Discussion:
[python-win32] Storing Passwords.
Alp Tunga Özkul
2015-01-18 17:02:01 UTC
Hello,

I am working on a project where my program needs to access the servers with the passwords I store in a text file.

Is there a neat way of storing passwords other than text files? Users will never need to recover their passwords but the program itself has to.

Thanks in advance!
Alp Tunga Özkul
2015-01-18 18:19:39 UTC
It is not a matter of extension; the point is users shouldn't be able to access the previously entered passwords.

For instance, if encrypting is the answer, which libraries do people generally use?

Date: Sun, 18 Jan 2015 18:16:08 +0000
Subject: Re: [python-win32] Storing Passwords.
From: ***@jossgray.net
To: ***@hotmail.com
CC: python-***@python.org

Why don't you want to use a text file?
On 18 Jan 2015 18:11, "Alp Tunga Özkul" <***@hotmail.com> wrote:

Hello,

I am working on a project where my program needs to access the servers with the passwords I store in a text file.

Is there a neat way of storing passwords other than text files? Users will never need to recover their passwords but the program itself has to.

Thanks in advance!

_______________________________________________
python-win32 mailing list
python-***@python.org
https://mail.python.org/mailman/listinfo/python-win32
Christian Calderon
2015-01-18 19:41:33 UTC
Why don't you just store the hash of the password?

On Sunday, January 18, 2015, Alp Tunga Özkul <***@hotmail.com>
wrote:

> It is not a matter of extension; the point is users shouldn't be able
> to access the previously entered passwords.
>
> For instance, if encrypting is the answer, which libraries do people
> generally use?
>
>
> Why don't you want to use a text file?
> On 18 Jan 2015 18:11, "Alp Tunga Özkul" <***@hotmail.com> wrote:
>
> Hello,
>
> I am working on a project where my program needs to access the servers with
> the passwords I store in a text file.
>
> Is there a neat way of storing passwords other than text files? Users will
> never need to recover their passwords but the program itself has to.
>
> Thanks in advance!
>
> _______________________________________________
> python-win32 mailing list
> python-***@python.org
> https://mail.python.org/mailman/listinfo/python-win32
>
>
Alp Tunga Özkul
2015-01-18 20:11:47 UTC
As far as I know, Username + Password = (MD5/SHA) Hash, and it is irreversible. I need the actual Username and Password to log in to Servers (WMI).

Because let's say there are 10 different servers with 10 different credentials that my user uses to access those servers; I need to store the user-given credentials for the next session.

Tim Roberts
2015-01-19 07:07:48 UTC
On Jan 18, 2015, at 12:11 PM, Alp Tunga Özkul <***@hotmail.com> wrote:

As far as I know, Username + Password = (MD5/SHA) Hash, and it is irreversible. I need the actual Username and Password to log in to Servers (WMI).

Because let's say there are 10 different servers with 10 different credentials that my user uses to access those servers; I need to store the user-given credentials for the next session.

There is simply no general solution. If your program can recover the plaintext password, then anyone with access to the text files can recover the plaintext password.

If you don’t want to store the passwords, then your only solution is to ask the user to enter them every time.
—
Tim Roberts, ***@probo.com
Providenza & Boekelheide, Inc.
Bob Hood
2015-01-19 12:27:35 UTC
On 1/19/2015 12:07 AM, Tim Roberts wrote:
> On Jan 18, 2015, at 12:11 PM, Alp Tunga Özkul <***@hotmail.com> wrote:
>>
>> As far as I know, Username + Password = (MD5/SHA) Hash, and it is
>> irreversible. I need the actual Username and Password to log in to Servers
>> (WMI).
>>
>> Because let's say there are 10 different servers with 10 different
>> credentials that my user uses to access those servers; I need to store the
>> user-given credentials for the next session.
>
> There is simply no general solution. If your program can recover the
> plaintext password, then anyone with access to the text files can recover
> the plaintext password.
>
> If you don’t want to store the passwords, then your only solution is to ask
> the user to enter them every time.

I'm probably missing some crucial point here, but with Python being the host
environment, why wouldn't the Python "keyring" module provide the hardened
storage the OP is seeking? Each major OS (Windows, OS X and Linux) has an
operating system-hosted location for storing sensitive data--such as
passwords--so they cannot easily be accessed. The "keyring" provides a
framework for accessing each.

Absolutely no need to store them in plain text files on any OS.
Paul Koning
2015-01-19 14:48:28 UTC
> On Jan 19, 2015, at 7:27 AM, Bob Hood <***@comcast.net> wrote:
>
> On 1/19/2015 12:07 AM, Tim Roberts wrote:
>> On Jan 18, 2015, at 12:11 PM, Alp Tunga Özkul <***@hotmail.com> wrote:
>>>
>>> As far as I know, Username + Password = (MD5/SHA) Hash, and it is irreversible. I need the actual Username and Password to log in to Servers (WMI).
>>>
>>> Because let's say there are 10 different servers with 10 different credentials that my user uses to access those servers; I need to store the user-given credentials for the next session.
>>
>> There is simply no general solution. If your program can recover the plaintext password, then anyone with access to the text files can recover the plaintext password.
>>
>> If you don’t want to store the passwords, then your only solution is to ask the user to enter them every time.
>
> I'm probably missing some crucial point here, but with Python being the host environment, why wouldn't the Python "keyring" module provide the hardened storage the OP is seeking? Each major OS (Windows, OS X and Linux) has an operating system-hosted location for storing sensitive data--such as passwords--so they cannot easily be accessed. The "keyring" provides a framework for accessing each.
>
> Absolutely no need to store them in plain text files on any OS.

The advantage of text files is that it makes it clear that the storage is NOT secure. The drawback of other schemes is that they may also be insecure, but give the user an illusion of security. For example, if your script can extract the secret, so presumably can any other script or program. If so, why not use a text file? At least that way it’s clear that the barn door is wide open.

Yes, OSs have some way of storing sensitive data. If security matters, you should look closely at how those things work, and whether they actually deliver the security required for whatever data you’re putting there. You should also document clearly how things are stored, so that users of your software can independently make that evaluation for themselves.

paul
Bob Hood
2015-01-19 15:20:07 UTC
On 1/19/2015 7:48 AM, Paul Koning wrote:
>> On Jan 19, 2015, at 7:27 AM, Bob Hood <***@comcast.net> wrote:
>>
>> On 1/19/2015 12:07 AM, Tim Roberts wrote:
>>> On Jan 18, 2015, at 12:11 PM, Alp Tunga Özkul <***@hotmail.com> wrote:
>>>> As far as I know, Username + Password = (MD5/SHA) Hash, and it is irreversible. I need the actual Username and Password to log in to Servers (WMI).
>>>>
>>>> Because let's say there are 10 different servers with 10 different credentials that my user uses to access those servers; I need to store the user-given credentials for the next session.
>>> There is simply no general solution. If your program can recover the plaintext password, then anyone with access to the text files can recover the plaintext password.
>>>
>>> If you don’t want to store the passwords, then your only solution is to ask the user to enter them every time.
>> I'm probably missing some crucial point here, but with Python being the host environment, why wouldn't the Python "keyring" module provide the hardened storage the OP is seeking? Each major OS (Windows, OS X and Linux) has an operating system-hosted location for storing sensitive data--such as passwords--so they cannot easily be accessed. The "keyring" provides a framework for accessing each.
>>
>> Absolutely no need to store them in plain text files on any OS.
> The advantage of text files is that it makes it clear that the storage is NOT secure. The drawback of other schemes is that they may also be insecure, but give the user an illusion of security. For example, if your script can extract the secret, so presumably can any other script or program. If so, why not use a text file? At least that way it’s clear that the barn door is wide open.

Agreed. However, most of the time, those who have compromised your system are
doing a smash-and-grab where they are just looking for files they can copy.
It takes more time and effort to find (or upload) a program that they can
execute to extract "hidden" information than to simply discover a file called
"passwords.txt" and copy that to their local system.

Sony did this--quite literally had a file called "passwords.txt" that quite
literally contained user names and passwords. It's understood that storing
these things in an operating system-specific "vault" would not be 100% safe,
but, in the end, it certainly would have been more of a deterrent than just
putting your passwords into a plain text file.
R Schumacher
2015-01-19 16:21:50 UTC
At 07:20 AM 1/19/2015, Bob Hood wrote:
>On 1/19/2015 7:48 AM, Paul Koning wrote:
>
> > The advantage of text files is that it makes it clear that the
> storage is NOT secure. The drawback of other schemes is that they
> may also be insecure, but give the user an illusion of
> security. For example, if your script can extract the secret, so
> presumably can any other script or program. If so, why not use a
> text file? At least that way it's clear that the barn door is wide open.
>
>Agreed. However, most of the time, those who have compromised your system are
>doing a smash-and-grab where they are just looking for files they can copy.
>It takes more time and effort to find (or upload) a program that they can
>execute to extract "hidden" information than to simply discover a file called
>"passwords.txt" and copy that to their local system.

If Python (pywin32 say?) can do IO on password data, then presumably
anyone who gains shell access can also, trivially.
Take Active Directory security, for instance; the OP might benefit
from this discussion:
http://stackoverflow.com/questions/7111618/win32-how-to-validate-credentials-against-active-directory
So, if one gains shell access, then a few milliseconds later easily employs
http://docs.activestate.com/activepython/2.5/pywin32/html/com/help/active_directory.html
where even in the supposedly "invalid" methods in the SO link one
could run millions of Exception-tests in seconds, testing the hashed,
"securely stored" passwords.
There is some benefit to using OS objects in that hackers with only
access through http/ftp can't do a grab-and-go. Unless of course they
have access to copy the DB file, then beating on it later, for days,
is possible.
Greg Ewing
2015-01-19 20:51:13 UTC
Bob Hood wrote:
> I'm probably missing some crucial point here, but with Python being the
> host environment, why wouldn't the Python "keyring" module provide the
> hardened storage the OP is seeking?

The same problem arises. If the program can get the password
out of the keyring, then so can any user who is capable of
running the program. If nothing else, by inserting a print
statement into the program at the point just after it has
retrieved the password.

Keyrings allow a user to keep his or her passwords secret
from *other* users. The OP seems to want to keep the *user*
of the password from being able to know it, which is
fundamentally impossible.

The best you can do is obfuscate it, but with Python code
being so easy to reverse-engineer, you can't get much
security that way.

--
Greg
Tim Roberts
2015-01-20 08:26:10 UTC
On Jan 19, 2015, at 12:51 PM, Greg Ewing <***@canterbury.ac.nz> wrote:
>
> The same problem arises. If the program can get the password
> out of the keyring, then so can any user who is capable of
> running the program. ...
>
> Keyrings allow a user to keep his or her passwords secret
> from *other* users. The OP seems to want to keep the *user*
> of the password from being able to know it, which is
> fundamentally impossible.

Actually, I don’t think that’s correct. I think he is trying to remotely administer a number of systems, and he just wants to be able to do logins for remote administration without having to retype the authentication every time. It’s the kind of thing where a Linux user would use ssh with a key forwarding agent.

I started to “pooh pooh” the keyring suggestion as well, and as I was typing my reply I realized it was pretty much the right answer.

Tim Roberts, ***@probo.com
Providenza & Boekelheide, Inc.
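The vault-backed storage Bob Hood suggests and Tim Roberts ends up endorsing, as an added example that is not code from the thread or from the keyring project: it assumes `pip install keyring` (a version that has `keyring.get_credential`; on Windows the package stores entries in Credential Manager) and a per-server service-name convention of my own, `wmi-admin/<server>`.

```python
# Per-server credential storage in the OS vault via the Python "keyring" package.
# Caveat from the thread (Greg Ewing): the vault hides these secrets from *other*
# OS accounts, not from whoever can run this script under the same account.
from typing import Optional, Tuple

try:
    import keyring  # real backend; optional so the helpers also accept an injected store
except ImportError:
    keyring = None

SERVICE_PREFIX = "wmi-admin/"  # assumed naming convention: one vault entry per server

def service_name(server: str) -> str:
    """Normalise so "SRV01" and " srv01 " resolve to the same vault entry."""
    return SERVICE_PREFIX + server.strip().lower()

def _vault(backend):
    """Use the injected store if given, otherwise the keyring module itself."""
    if backend is None and keyring is None:
        raise RuntimeError("keyring is not installed and no backend was supplied")
    return backend if backend is not None else keyring

def save_credential(server: str, username: str, password: str, backend=None) -> None:
    """Persist what the user typed so the next session can reuse it."""
    _vault(backend).set_password(service_name(server), username, password)

def load_credential(server: str, backend=None) -> Optional[Tuple[str, str]]:
    """Return (username, password) for a server, or None on the first session."""
    # get_credential(service, None) looks the entry up by service alone, so the
    # username does not have to be remembered separately.
    cred = _vault(backend).get_credential(service_name(server), None)
    return None if cred is None else (cred.username, cred.password)

def forget_credential(server: str, backend=None) -> bool:
    """Drop a stored entry (e.g. after a password change); False if none existed."""
    found = load_credential(server, backend)
    if found is None:
        return False
    _vault(backend).delete_password(service_name(server), found[0])
    return True

if __name__ == "__main__":
    import getpass
    server = input("server: ")
    if (found := load_credential(server)) is None:
        # First session for this server: prompt once, then remember.
        save_credential(server, input("username: "), getpass.getpass("password: "))
    else:
        print("reusing stored credentials for", found[0])
```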