Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

What is the most secure python "password" encryption

Tags:

python

security

encryption

I am making a little webgame that has tasks and solutions, the solutions are solved by entering a code given to user after completion of a task. To have some security (against cheating) i dont want to store the codes genereted by the game in plain text. But since i need to be able to give a player the code when he has accomplished the task i cant hash it since then i cant retrive it.

So what is the most secure way to encrypt/decrypt something using python?

like image 324
espenhogbakk Avatar asked Jun 25 '09 12:06

espenhogbakk

1 Answers

If your script can decode the passwords, so can someone breaking in to your server. Encryption is only really useful when someone enters a password to unlock it - if it remains unlocked (or the script has the password to unlock it), the encryption is pointless

This is why hashing is more useful, since it is a one way process - even if someone knows your password hash, they don't know the plain-text they must enter to generate it (without lots of brute-force)

I wouldn't worry about keeping the game passwords as plain-text. If you are concerned about securing them, fix up possibly SQL injections/etc, make sure your web-server and other software is up to date and configured correctly and so on.

Perhaps think of a way to make it less appealing to steal the passwords than actually play the game? For example, there was a game (I don't recall what it was) which if you used the level skip cheat, you went to the next level but it didn't mark it as "complete", or you could skip the level but didn't get any points. Or look at Project Euler, you can do any level, but you only get points if you enter the answer (and working out the answer is the whole point of the game, so cheating defeats the playing of the game)

If you are really paranoid, you could possibly use asymmetric crypto, where you basically encrypt something with key A, and you can only read it with key B..

I came up with an similar concept for using GPG encryption (popular asymmetric crypto system, mainly used for email encryption or signing) to secure website data. I'm not quite sure how this would apply to securing game level passwords, and as I said, you'd need to be really paranoid to even consider this..

In short, I'd say store the passwords in plain-text, and concentrate your security-concerns elsewhere (the web applications code itself)

like image 116
dbr Avatar answered Oct 10 '22 04:10

dbr
Sign in to Comment

Related questions

ImportError: cannot import name '_ColumnEntity' Ubuntu20.10 [duplicate]
Regex to group words separated by space
Python: Sorting items from top left to bottom right with OpenCV
Pandas percentage change using group by
How to calculate ratio of values in a pandas dataframe column?
How to add a row in a special form
Overloading operators using __getattr__ in Python
How keep a value in a DataFrame using the values of another DataFrame as indexes and columns reference (and replace the others)?
Regex to remove conditional comments
Why won't Django 1.0 admin application work?
Django foreign key access in save() function
When printing an image, what determines how large it will appear on a page?
Do Python regexes support something like Perl's \G?
How does Vista Recycle bin work?
How can I talk to UniProt over HTTP in Python?
Why is my send_mail() command not working in Django?
Use value of variable in lambda expression [duplicate]
How to generate a PDF from an HTML / CSS (including images) source in Python? [closed]
How should I store state for a long-running process invoked from Django?
Python unittest: how do I test the argument in an Exceptions?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!