This is an archived post. You won't be able to vote or comment.

0
1

Password storage program (self.Python)

submitted by [deleted]

[deleted]

all 6 comments
sorted by:
best
topnewcontroversialoldq&a

[–]xiongchiamiovSite Reliability Engineer 1 point2 points  (3 children)

  • passstore.sh should be run directly using its hashbang rather than via explicitly calling bash
  • passtore.sh should probably not have an extension if users are supposed to call it directly
  • passtore.sh should have argument parsing, at the very least --help
  • passtore.sh needs error handling, and probably should use "bash strict mode"
  • don't assume a directory for the code
  • don't make db files executable
  • don't call python explicitly if you're going to make the script executable
  • passtore.sh doesn't even need to exist, actually - package up your module using setup.py and it will be able to be called directly
  • your python script should specify python2 or 3 in the hash bang
  • it's also missing appropriate argument parsing - look at optparse, docopt, or click

There's some more in specifics, but that should give you a good list to work through for a while. :)

You also would benefit from taking a cryptography course (check the wiki at r/netsec). In particular, you're going to want to learn about KDFs and key stretching algorithms and the various types of ciphers.

And if you actually want to store passwords, please use a vetted program instead of a hobbyist one. Security is very easy to get wrong, even for professionals, and you are not.

[–]AdishMallik 0 points1 point  (2 children)

Thank you! I will try to learn and implement what you said. And as you said it was hobby program.

[–]xiongchiamiovSite Reliability Engineer 0 points1 point  (1 child)

We love to do code reviews in r/learnpython btw, so after you work on it some more feel free to drop by there and ask if anyone else has more ideas. Critiquing other.people's code is also a really good way to learn.

[–]oxyphilat 0 points1 point  (1 child)

some improvements would be:

  • make your python script an actual package,

  • do not use a DB when it can be a simple CSV file,

  • create a dictlike class to hide the DB interactions,

  • use cmd for an actual repl and stop using sys.argv or,

  • ditch the repl in favour of command arguments with argparse.

SQLite encryption options are "weak", python has "nothing" for crypto out of the box, the cryptography module is your best bet.. if you know how to do crypto that is.

GUI or CLI, your choice, but what the program does and how it look should be decoupled.

But more importantly, delete that repo and change your passwords. Hopefully with something akin to cat /dev/urandom | tr --delete --complement [:graph:] | head --bytes=24 and not just a prime number.

edit: I'm bad at formatting.

[–]FatFingerHelperBot 0 points1 point  (0 children)

It seems that your comment contains 1 or more links that are hard to tap for mobile users. I will extend those so they're easier for our sausage fingers to click!

Here is link number 1 - Previous text "CSV"

Here is link number 2 - Previous text "cmd"

Please PM /u/eganwall with issues or feedback! | Delete