Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #35431 > unrolled thread

Password hash

Back to article view | Back to comp.lang.python

Contents

  Password hash Robert Montgomery <rcmjivaro@comcast.net> - 2012-12-23 20:38 -0600
    Re: Password hash Ramchandra Apte <maniandram01@gmail.com> - 2012-12-25 19:40 -0800
      Re: Password hash Ian Kelly <ian.g.kelly@gmail.com> - 2012-12-26 13:16 -0700
    Re: Password hash Ramchandra Apte <maniandram01@gmail.com> - 2012-12-25 19:40 -0800
    Re: Password hash Peter Pearson <ppearson@nowhere.invalid> - 2012-12-27 19:24 +0000

#35431 — Password hash

I am writing a script that will send an email using an account I set up
in gmail. It is an smtp server using tls on port 587, and I would like
to use a password hash in the (python) script for login rather than
plain text. Is this do-able? Details please.

[toc] | [next] | [standalone]

#35509

On Monday, 24 December 2012 08:08:12 UTC+5:30, Robert Montgomery  wrote:
> I am writing a script that will send an email using an account I set up
> 
> in gmail. It is an smtp server using tls on port 587, and I would like
> 
> to use a password hash in the (python) script for login rather than
> 
> plain text. Is this do-able? Details please.

No. The password is encrypted with TLS I think so I believe you shouldn't worry much about security.

[toc] | [prev] | [next] | [standalone]

#35539

On Tue, Dec 25, 2012 at 8:40 PM, Ramchandra Apte <maniandram01@gmail.com> wrote:
> On Monday, 24 December 2012 08:08:12 UTC+5:30, Robert Montgomery  wrote:
>> I am writing a script that will send an email using an account I set up
>>
>> in gmail. It is an smtp server using tls on port 587, and I would like
>>
>> to use a password hash in the (python) script for login rather than
>>
>> plain text. Is this do-able? Details please.
>
> No. The password is encrypted with TLS I think so I believe you shouldn't worry much about security.

The smtplib module automatically uses CRAM-MD5 for authentication if
it is available.  If you wanted to use some other hashing scheme then
I guess you would have to implement it yourself by overriding
SMTP.login, or find another SMTP module that already supports it.

The above comment about security is bad advice.  Security is all about
layers.  Just because the data stream is already encrypted (read:
decryptable) does not mean that password digests are a waste of time.
In fact, the two techniques are usually considered complementary:  the
encryption process protects your application data, while the password
hashing protects your authentication details.

[toc] | [prev] | [next] | [standalone]

#35510

On Monday, 24 December 2012 08:08:12 UTC+5:30, Robert Montgomery  wrote:
> I am writing a script that will send an email using an account I set up
> 
> in gmail. It is an smtp server using tls on port 587, and I would like
> 
> to use a password hash in the (python) script for login rather than
> 
> plain text. Is this do-able? Details please.

No. The password is encrypted with TLS I think so I believe you shouldn't worry much about security.

[toc] | [prev] | [next] | [standalone]

#35634

On Sun, 23 Dec 2012 20:38:12 -0600, Robert Montgomery wrote:
> I am writing a script that will send an email using an account I set up
> in gmail. It is an smtp server using tls on port 587, and I would like
> to use a password hash in the (python) script for login rather than
> plain text. Is this do-able? Details please.

No, *you* need to provide details.  Security problems nearly always
emerge from the details, so it's important to be as clear as possible
about what you want to achieve and what the threat is.

-- 
To email me, substitute nowhere->spamcop, invalid->net.

[toc] | [prev] | [standalone]

Back to top | Article view | comp.lang.python

csiph-web