3.3 KiB
3.3 KiB
Create a simple authentication system
an alternative to the hopelessly boring hello world
examples for an introduction to git
Start creating a script called auth.py
Expected usage:
- run the script
- the script asks for username and password
- if the user is known and password is correct ➔ print "Successfully authenticated!"
- if the user is known and password is wrong ➔ print "Wrong password!"
- if the user is not known ➔ print "Wrong username!"
- if the script is called with one argument, add a new user using the argument as a username
- if a user has been added ➔ store the updated database to disk
Basic API:
- a function
get_credentials
that asks for username and password - a function
authenticate
that checks if user is in the password database and that the password is correct - a function
add_user
to add a new user with its password to the database - a function
read_pwdb
to read the password database from disk - a function
write_pwdb
to write the password database to disk
Suggestions:
- the database can be a simple dictionary
{username: password}
- the database can be serialized to disk with
json
Later, think about the following problems:
- we are leaking valid usernames ➔ return a generic error if username does not exist or password is wrong
- password hashing ➔ do not store passwords in clear text (database could be stolen, admins are nosy). Solution: Do not store passwords at all but only their hashes (database could be stolen)
- password salting ➔ different users with same passwords should not have same hash ⟶ cracking one does not crack all: mitigates dictionary attacks, see below
Addition to the basic API:
- a function
pwhash
that given a password and a salt returns a hash - a function
get_salt
that returns a unique salt
Try to crack it! (Advanced)
- can you guess the hash collision risk for the proposed solution?
- try first a brute force attack: is it feasible?
- try a dictionary attack (you can use this list of probable passwords): is it feasible?
- think about lookup tables and rainbow tables attacks
- what are the trade-offs of the different attacks?
Notes
To make it for real:
- insecure temporary file (symlink race attack) ⟶
tempfile
and its context managers - better way of generating passwords or random tokens: the
secrets
module - cracking a password database is a form of art, see for example the John the Ripper password cracker, or Hashcat or Brutus