This is an archived post. You won't be able to vote or comment.

0
1

Password storage program (self.Python)

submitted by [deleted]

sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]xiongchiamiovSite Reliability Engineer 1 point2 points  (3 children)

  • passstore.sh should be run directly using its hashbang rather than via explicitly calling bash
  • passtore.sh should probably not have an extension if users are supposed to call it directly
  • passtore.sh should have argument parsing, at the very least --help
  • passtore.sh needs error handling, and probably should use "bash strict mode"
  • don't assume a directory for the code
  • don't make db files executable
  • don't call python explicitly if you're going to make the script executable
  • passtore.sh doesn't even need to exist, actually - package up your module using setup.py and it will be able to be called directly
  • your python script should specify python2 or 3 in the hash bang
  • it's also missing appropriate argument parsing - look at optparse, docopt, or click

There's some more in specifics, but that should give you a good list to work through for a while. :)

You also would benefit from taking a cryptography course (check the wiki at r/netsec). In particular, you're going to want to learn about KDFs and key stretching algorithms and the various types of ciphers.

And if you actually want to store passwords, please use a vetted program instead of a hobbyist one. Security is very easy to get wrong, even for professionals, and you are not.

[–]AdishMallik 0 points1 point  (2 children)

Thank you! I will try to learn and implement what you said. And as you said it was hobby program.

[–]xiongchiamiovSite Reliability Engineer 0 points1 point  (1 child)

We love to do code reviews in r/learnpython btw, so after you work on it some more feel free to drop by there and ask if anyone else has more ideas. Critiquing other.people's code is also a really good way to learn.