Programming Forums > Script Programming > Python

Eragon229 · Jul 27th, 2005, 1:28 PM

Hi. I'm new. I'm trying to use a code to make my program password protected. It keeps saying:
while password != "abcddcba":
NameError: name 'password' is not defined

Thanks.

Riddle · Jul 27th, 2005, 1:50 PM

Insert this somewhere in your code (before this while loop starts)..

(Toggle Plain Text)

password=""

Eragon229 · Jul 27th, 2005, 2:00 PM

Thanks.

Sane · Jul 27th, 2005, 6:30 PM

The password will be hidden in the source code, so people could easily retrieve it. Raise security by creating your own encrypt and decrypt function, then pre-compile the python file.

Cerulean · Jul 27th, 2005, 7:10 PM

Quote:

Raise security by creating your own encrypt and decrypt function, then pre-compile the python file.

I couldn't disagree any more. String obfuscation just lulls the user into a false sense of security - much more dangerous than knowing what the risks are. You're going to have to include the code to get the file back to normal, and it doesn't take much time to go from there and retrieve the password. I suppose dynamically constructing the password string would be remotely helpful in that it will make the cracker take longer, or maybe just give up after a while.

hydroxide · Jul 29th, 2005, 12:15 AM

1/ You should compare encrypted/hashed strings only
2/ You should use library encryption rather than hand rolling your own.
3/ You should use library functions for other things too.

Do the following in the Interactive Interpreter (etc)

(Toggle Plain Text)

import md5
print md5.md5("InsertYourPasswordHere").hexdigest()

copy the output (in this case 66e37426a7ff13e2957b2eed7c26039b, but obviously it'll be different for a different password)

Then in your user code use:

(Toggle Plain Text)

from getpass import getpass
from md5 import md5
MYPASSWORDHASH = "66e37426a7ff13e2957b2eed7c26039b" # or whatever
def get_password():
    for i in range(3):
        password = md5(getpass("Enter your password: "))
        if password.hexdigest() == MYPASSWORDHASH:
            return True
    return False

def main():
    if get_password():
        print "Success"
        # do something here
    else:
        print "Failure"
        # do something else here

if __name__ == "__main__":
    main()

--OH.
[Ok, md5 is theoretically breakable... =]

Riddle · Jul 27th, 2005, 7:18 PM

Bah... if he's asking this question, I think that he is most likely not scripting something which really needs this security. I mean yeah, it's dandy and all, but is it needed?

Eragon229 · Jul 27th, 2005, 8:29 PM

I'm not that advanced, just starting python. The least I can do is prevent access to the source code. How? I have no clue. I don't have to worry as long as that particular person does not have Python installed in the system. It'll open using command prompt.

Riddle · Jul 27th, 2005, 9:15 PM

Quote:

Originally Posted by Eragon229

I'm not that advanced, just starting python. The least I can do is prevent access to the source code. How? I have no clue. I don't have to worry as long as that particular person does not have Python installed in the system. It'll open using command prompt.

If the person does not have Python installed on the system, it will not run- unless you use py2exe. In which case you'll need to give them the python DLL with it. Some people will say that py2exe is hard to use, but it's really not.. I dunno what their deal is.

Sane · Jul 28th, 2005, 6:00 AM

Quote:

I couldn't disagree any more. String obfuscation just lulls the user into a false sense of security... ... ...

That's why I said you then precompile it. But if you precompile it without making an encrypted string, you can still find the password inside the compiled file. At least if you encrypt it they'll have to guess how you did it, or find whatever thing is used to decompile python files.

He said he's new to Python, so that would probably be the easiest way for him.

Jul 27th, 2005, 1:28 PM	#1
Eragon229 Newbie Join Date: Jul 2005 Posts: 14 Rep Power: 0	Password Code Problem Hi. I'm new. I'm trying to use a code to make my program password protected. It keeps saying: while password != "abcddcba": NameError: name 'password' is not defined Thanks.

Jul 27th, 2005, 1:50 PM	#2
Riddle Programmer Join Date: May 2005 Location: Nar Shaddaa Posts: 42 Rep Power: 0	Insert this somewhere in your code (before this while loop starts).. (Toggle Plain Text) password="" password=""

Jul 29th, 2005, 12:15 AM	#6
hydroxide Programmer Join Date: Apr 2005 Posts: 73 Rep Power: 4	1/ You should compare encrypted/hashed strings only 2/ You should use library encryption rather than hand rolling your own. 3/ You should use library functions for other things too. Do the following in the Interactive Interpreter (etc) (Toggle Plain Text) import md5 print md5.md5("InsertYourPasswordHere").hexdigest() import md5 print md5.md5("InsertYourPasswordHere").hexdigest() copy the output (in this case 66e37426a7ff13e2957b2eed7c26039b, but obviously it'll be different for a different password) Then in your user code use: (Toggle Plain Text) from getpass import getpass from md5 import md5 MYPASSWORDHASH = "66e37426a7ff13e2957b2eed7c26039b" # or whatever def get_password(): for i in range(3): password = md5(getpass("Enter your password: ")) if password.hexdigest() == MYPASSWORDHASH: return True return False def main(): if get_password(): print "Success" # do something here else: print "Failure" # do something else here if __name__ == "__main__": main() from getpass import getpass from md5 import md5 MYPASSWORDHASH = "66e37426a7ff13e2957b2eed7c26039b" # or whatever def get_password(): for i in range(3): password = md5(getpass("Enter your password: ")) if password.hexdigest() == MYPASSWORDHASH: return True return False def main(): if get_password(): print "Success" # do something here else: print "Failure" # do something else here if __name__ == "__main__": main() --OH. [Ok, md5 is theoretically breakable... =]

Thread Tools
Show Printable Version Email this Page
Display Modes
Switch to Linear Mode Hybrid Mode Switch to Threaded Mode

Jul 27th, 2005, 2:00 PM	#3
Eragon229 Newbie Join Date: Jul 2005 Posts: 14 Rep Power: 0	Thanks.

Jul 27th, 2005, 6:30 PM	#4
Sane Programming Guru Join Date: Apr 2005 Posts: 1,825 Rep Power: 5	The password will be hidden in the source code, so people could easily retrieve it. Raise security by creating your own encrypt and decrypt function, then pre-compile the python file.

Jul 27th, 2005, 7:18 PM	#7
Riddle Programmer Join Date: May 2005 Location: Nar Shaddaa Posts: 42 Rep Power: 0	Bah... if he's asking this question, I think that he is most likely not scripting something which really needs this security. I mean yeah, it's dandy and all, but is it needed?

Jul 27th, 2005, 8:29 PM	#8
Eragon229 Newbie Join Date: Jul 2005 Posts: 14 Rep Power: 0	I'm not that advanced, just starting python. The least I can do is prevent access to the source code. How? I have no clue. I don't have to worry as long as that particular person does not have Python installed in the system. It'll open using command prompt.

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Programming Forums > Script Programming > Python

Password Code Problem