2

I have been trying to make a secure login on a python program I've been working on, but everything I try doesn't seem to help. I need a snippet of code that I can put in my script. My main issue is that anyone who looks at my script can just see the password. Plus I don't know how to put stars instead of characters when they type in password. This is my login code, it is very basic because I'm pretty much a beginner. 

#login
import webbrowser as w
def username():
    print("Enter UserName")
    usrnm = input()
    if(usrnm == "example"):
        password()
    else:
        notusername()
 def notusername():
    print("Try Again")
    username()
 def password():
    print("Enter Password")
    pswrd = input()
    if(pswrd == "password"):
        w.open("www.example.net")
    else:
        notusername()
 username()
Braden Parks
  • 53
  • 1
  • 10
  • For password I generally use getpass lib. when i reading from terminal https://stackoverflow.com/questions/9202224/getting-command-line-password-input-in-python – Kiran Kumar Kotari Jul 22 '18 at 01:25

2 Answers2

5

First, let me preface this by saying that, especially if you're a beginner, it is usually not a good idea to try to implement your own login/security code for anything that is public and seriously needs security.

Having said that, the general approach to hiding the actual password is to store a hash (e.g. SHA-1) of the password, not the password itself. You can then safely store that hash value wherever you like (e.g. database, text file etc.) In python you can do this using something like hashlib e.g. 

import hashlib

sh = hashlib.sha1()
sh.update('password')
hash_value = sh.hexdigest()
# write hash_value to file/db...

When you go to validate against the stored password, you take the hash of the user input and compare it against the stored hash. If they are the same, then the password is correct.

Again, for any serious security, use one of the many frameworks that are available, as they have been tested by many people.

nik
  • 676
  • 1
  • 11
  • 28
  • 1
    You shouldn't hash passwords using a time constant hash. – Jakob Bowyer Jan 16 '15 at 23:49
  • 2
    @JakobBowyer Agreed. This was meant to be more of a general strategy, rather than an implementation guide. In real life you would probably use something like [passlib](https://pythonhosted.org/passlib/) to do the hashing with PBKDF and friends. – nik Jan 20 '15 at 01:24
0

You Should try this code

list1 = ('Password is Correct...' , 'Password is Incorrect' , 'Closing Python...','Hello',
         '''Press Enter to Continue...''', 'Closing Python...' , 'badger123',
         '''Please Enter Your Name: ''', 'Please Enter Your Password: ')

name = input(list1[7])

password = input(list1[8])
if password == list1[6]:
    print(list1[0])
else:
    print(list1[1])
    exit()

import time
time.sleep(0)
input(list1[4])
time.sleep(0)




print (list1[3] , name)



import time

time.sleep(1)

print (list1[5])

import time

time.sleep(5)

input (list1[4])

exit()
Faraz4567
  • 23
  • 1
  • 7