security - What is the most secure python "password" encryption -


I am creating a small weblog that contains tasks and solutions, after the solution is complete, enter the code given to the user One task is solved by To protect some security (against fraud) I do not want to store generated code in plain text by the game but since I need to be able to give code to a player, when he completes the work I can not do it because since then I can not take it back

So what's the safest way to encrypt / decrypt it using Python?

If your script can decode the password, someone can enter your server only Actually useful when someone enters the password to unlock it - if it remains unlocked (or to unlock the password in the script), the encryption is useless

This is the reason why hashing More useful, because this is a way process - even if E knows your password hash, they do not know the plain text, they must enter to generate it (without any force-power).

I would not mind being concerned about keeping the game password in plain text, if you are worried about securing them, possibly fixing SQL injection / etc, make sure that your web- Server and other software is up-to-date and configured correctly.

Perhaps this is a less appealing way to steal passwords than actually playing a game? For example, there was a game (I did not remember what it was) that if you cheat the level, then you went to the next level but it was not marked as "full", or you Can leave but no points were found. Or see Project Euler, you can do at any level, but if you enter the answer, you can only get points (and the answer to the answer is the whole issue of the game, so the game of cheating game

If you are really mad, you can use possibly asymmetric crypto, where you basically encrypt something with key A , And you can read it only with key B. Es ..

I came up with a similar concept to use the GPG encryption (popular asymmetric crypto system, primarily e-mail is used for encryption or signing). I am not sure how this would be applicable to securing the game level password, and as I said, you should be really mad to consider it ..

Brief I will say, store plain-text passwords, and focus your security-concerns elsewhere (web application code itself)


Comments

Popular posts from this blog

c++ - Linux and clipboard -

Visual Studio 2005: How to speed up builds when a VSMDI is open? -

booting ubuntu from usb using virtualbox -