2

I am new to programming and am wondering if this is possible. I am trying to create a password protected script, where the password is entered once and then required to progress the script the next time the script is opened. I am storing and encrypting the password in a file, and then checking to see if the file exists the next time the script is opened. The problem I am running into is checking to see if the passwords match, since the original password is in a function as a local variable. 

def createFile():
 pw = input('Enter Password: ')
 pw2 = input('ReType Password: ')
 if pw == pw2: 
 newPw = encrypt(pw, 10) #encodes the string with a key in a seperate encrypt function
 pwFile = open('PW.txt', 'a')
 pwFile.write(newPw)
 pwFile.close()
 else:
 print('The passwords do not match')
 createFile()
if os.path.isfile('PW.txt'):
 print('File exists')
 pwCheck = input('What is the password? ')
 #I can not check pwCheck == pw since pw is a local var.
 #progression of script here
else:
 createFile()

I know that it is considered bad for to make a local variable global. Is there a way to restructure what I have so far to make this work? As I wrote this, I think I may have came up with a possible solution but I do not have time to test it now. Do I run the same encrypt function with the same key for pwCheck and then check if it is == to the first line of PW.txt? Is that correct and/or are there other solutions?

Thank you.

Using Windows, Python 3.4

asked Dec 17, 2014 at 18:52
2
  • 4
    You have to read the existing password from the file, decrypt it, and check it against pwCheck Commented Dec 17, 2014 at 18:54
  • 2
    Note that it's wiser to store the hash of the password, then compare the hash of the user input to what is in the file. Commented Dec 17, 2014 at 18:58

2 Answers 2

1

Instead of "encrypt", perhaps use a 1-way hash.. Then, you can hash the subsequently entered password and check it versus the hash stored in the file... Something like:

def createFile():
 pw = input('Enter Password: ')
 pw2 = input('ReType Password: ')
 if pw == pw2: 
 newPw = sha.new(pw).digest
 pwFile = open('PW.txt', 'a')
 pwFile.write(newPw)
 pwFile.close()
 else:
 print('The passwords do not match')
 createFile()
if os.path.isfile('PW.txt'):
 print('File exists')
 pwCheck = input('What is the password? ')
 previous = open('PW.txt', 'r')
 prevPass = previous.read()
 hashed = sha.new(pwCheck).digest()
 if (hashed==prevPass):
 #progression of script here
else:
 createFile()
answered Dec 17, 2014 at 19:01
Sign up to request clarification or add additional context in comments.

Comments

1

I really hope that this is just an exercise, because if you care about security, you should be using some other authentication mechanism to gate access. Most obviously, unix permissions, and sudo to gate access.

Assuming it is an exercise only, simply have a function which checks the input against the file. Something like:

def doAuth():
 isAuthed = getPassInput() == getPassFromFile()
 if isAuthed:
 return True
 else:
 raise HellNoException("Passwords differ")
answered Dec 17, 2014 at 19:02

Comments

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.