Share your repls and programming experiences

← Back to all posts
Python Login System With Encryption
devcar80 (18)

This is a little login system a friend and I made in python. It decrypts, encrypts, and checks if the username is already taken. If you have any suggestions please feel free to leave them in the comments!

Thank you @cecook1022 for helping me with this wonderful project! I couldn't have done it without you.

Commentshotnewtop
Zavexeon (976)

This is cool! As a suggestion, maybe try hashing the passwords instead of encrypting and decrypting them.

Basically, a hash is an irreversible encryption. You hash the password they give, and store that.

When they want to login, you hash their password input and check it against the stored hash. If they match, the passwords are the same.

This makes it harder for people to break your encryption and also doesn't allow you to view their actual passwords (just a privacy thing).

Pandapip2 (8)

@Zavexeon https://en.wikipedia.org/wiki/Salt_(cryptography)
This is much more secure than plain hashes. The salt I use is hash(password+hash(username))

Zavexeon (976)

@Pandapip2 Yes salting the hashes increases the security even more. I just use a randomly generated seed that I store.

LiamDonohue (203)

maybe encrypting and hashing? @Zavexeon

jawwson (8)

I like this, but can you make it so that two usernames can't have the same password?

DevonCarson (1)

@jawwson There shouldn't be a need to have each password be different. If you don't mind me asking why would that be necessary?

dillonjoshua68 (2)

for me, when it goes to typing the password, it doesn't enter; it gets stuck and won't type.

cecook1022 (0)

@dillonjoshua68 Thats because we used getpass! It doesnt echo your input, so while you type in your password it doesnt show it for added security!

Roar123 (166)

Very nice! How does the program store user information for use after it has ended?

cecook1022 (0)

@Roar123 It writes all encrypted data(both usernames and passwords) directly to a binary file!

Pandapip2 (8)

Also, if you are going to use encryption to store passwords (still not recommended), use a .env file to store the key. More information here: https://repl.it/talk/ask/How-to-use-the-env-file/17121

Coder100 (1256)

Why would you ever decrypt passwords? That just makes it insecure once people find out the function in encrypt.py

while True:
  votes+=1
  secure-=0.5

Nice work!