7 Years
Discussion Span
Last Post by mn_kthompson

The best way to do this would be for you to use a text file as your dictionary rather than as a variable within the script. Then you can read/write to the dictionary.


How would I loop this script? When I run it, it doesn't give you a chance to retry the username and pass...

I should imagine it is in the same section as the

      print 'Invalid password or username'

Also replace "pass" with "password" in the following lines - I had to do this when running Python 2.6.4

pass = raw_input('Enter password: ')

if pass in database[name]:

One thing you might want to consider is writing the code so that the user's password isn't stored in clear text. The way to do this is to hash the user's password with a cryptographic algorithm and store that. Then you hash the password that the user provides at logon time and compare them.

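import hashlib

# Store only the SHA-1 hex digest of the password, never the clear text.
database = {'kevin':'70ccd9007338d6d81dd3b6271621b9cf9a97ea00'}

name = raw_input('Enter the username: ')
password = hashlib.sha1(raw_input('Enter the password: ')).hexdigest()

# .get() avoids a KeyError when the username is not in the database.
if database.get(name) == password:
    print "Good job."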

That way if someone were to examine the code he or she would not be able to learn what my password is.


Another thing you can do to add to the security of the application is to add a "seed" value to the stored passwords. You store the seed value along with the password. Then when the user provides a password for authentication, your application appends the salt to the password and then hashes that.

The reason for the salt is that it makes it more difficult to use previously calculated hashes to reverse the stored passwords. For example, you might run through hundreds of words and calculate the sha1 hash of the word and then compare it to the stored hashes to learn that my password above was 'Password1'. Once you knew that you would also know if any other users are using that password because they will have the same hash. But if I apply a random salt value, it will force you to calculate hashes for every possible password combination for each individual user that you want to hack.

import hashlib

# All these users have the same password, but the hashes are different.
# when creating the users, use random.randint to create the salt value.
# The password is Password1
database = {'kevin':('421','7e322290cf8348bb1dd197dc1f2944592ccf6eb2'),
   'james':('619','54aa94ece4706348d2224c847c64871888ed3619')}

# Without the salt, all users would have the same hashed password.  If you
# learned that one of them was using Password1 for a password, then you would
# have learned all of their passwords.

username = raw_input('Enter your user name: ')
password = raw_input('Enter your password: ')
password += database[username][0]
password = hashlib.sha1(password).hexdigest()

if database[username][1] == password:
    print "Good Job"
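
The salted-hash login and the retry loop discussed in this thread, as an added example that is not code from any of the posts. It is written for Python 3 and swaps the single SHA-1 pass for PBKDF2-HMAC-SHA256 with a salt from `os.urandom`; the function names, the iteration count and the sample users are assumptions made for the example.

```python
import hashlib
import hmac
import os

ITERATIONS = 100000  # assumed work factor; raise it as far as your hardware allows


def hash_password(password, salt=None):
    """Return (salt_hex, hash_hex) computed with PBKDF2-HMAC-SHA256."""
    if salt is None:
        salt = os.urandom(16)  # per-user salt from the OS CSPRNG
    digest = hashlib.pbkdf2_hmac('sha256', password.encode('utf-8'), salt, ITERATIONS)
    return salt.hex(), digest.hex()


def verify(database, username, password):
    """Check one login attempt; unknown users fail like wrong passwords."""
    record = database.get(username)
    if record is None:
        hash_password(password)  # do the same work so timing does not reveal valid names
        return False
    salt_hex, stored_hex = record
    _, candidate_hex = hash_password(password, bytes.fromhex(salt_hex))
    # Constant-time comparison instead of ==
    return hmac.compare_digest(candidate_hex, stored_hex)


def login(database, attempts, max_tries=3):
    """Try (username, password) pairs in order; give up after max_tries failures."""
    for tries, (username, password) in enumerate(attempts, start=1):
        if verify(database, username, password):
            return True
        if tries >= max_tries:
            break
    return False


def build_demo_database():
    # Constructed sample users: same password, different random salts.
    return {name: hash_password('Password1') for name in ('kevin', 'james')}


if __name__ == '__main__':
    db = build_demo_database()
    print(db['kevin'][1] != db['james'][1])  # equal passwords, different stored hashes
    print(login(db, [('kevin', 'wrong'), ('kevin', 'Password1')]))
```

In an interactive script the `attempts` argument would be a generator that prompts with `input()` and `getpass.getpass()` on each iteration.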