I want to make an authentication system with a simple key (string). If the key is correctly inputted, start the program.
The problem is that I have no idea how to code it so the program checks if the key is correct without a way of seeing it as a user in the code.
Can someone help me?
CodePudding user response:
An easy way of using secure passwords/hashes and authentication. Adapt this into your system and work with that as a base:
Generate a password:
>>> import bcrypt
>>> bcrypt.hashpw(b"admin", salt=bcrypt.gensalt())
b'$2b$12$VQ/egr55zwN28OU8baZXlu.gLA3HjVJw5O2teDDmwcXyp3k1TR4dG'
Store the output of bcrypt.hashpw() in any kind of data storage (without the leading b and enclosing single quotes (')).
Check password:
import getpass
import bcrypt

# Get your bcrypt hashed pw from any kind of data storage.
with open("hash.txt", "r", encoding="utf-8") as f:
    pwhash = f.read().strip()

# Read the user's password/key/whatever
password = getpass.getpass("Enter your password: ")

# Check if entered password/key/whatever matches stored hash
authenticated = bcrypt.checkpw(password.encode(), pwhash.encode())

if authenticated:
    print("You're authenticated!")
    do_privileged_stuff(...)  # placeholder: the part of your program that needs the key
else:
    print("You're not allowed to be here!")
A fun, secure but maybe not very user-friendly add-on to security would be MFA/2FA using TOTP/HOTP algorithms (see here).
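The same store-a-hash, check-the-input pattern using only Python's standard library (hashlib.scrypt swapped in for bcrypt), as an added example that is not part of the original answer. The record format, cost parameters and function names are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import secrets

# scrypt cost parameters: assumed values for this example, tune for your hardware.
N, R, P, DKLEN = 2**14, 8, 1, 32
MAXMEM = 64 * 1024 * 1024  # upper bound on memory scrypt may use


def _derive(key: str, salt: bytes, n: int, r: int, p: int) -> bytes:
    """Slow, salted key derivation; the result is stored instead of the key."""
    return hashlib.scrypt(key.encode("utf-8"), salt=salt, n=n, r=r, p=p,
                          maxmem=MAXMEM, dklen=DKLEN)


def make_record(key: str) -> str:
    """Build the one-line record to keep in hash.txt (hypothetical format)."""
    salt = secrets.token_bytes(16)  # fresh random salt for every record
    digest = _derive(key, salt, N, R, P)
    enc = lambda b: base64.b64encode(b).decode("ascii")
    return f"scrypt${N}${R}${P}${enc(salt)}${enc(digest)}"


def check_key(candidate: str, record: str) -> bool:
    """Return True only on a match; malformed or tampered records fail closed."""
    try:
        scheme, n, r, p, salt_b64, digest_b64 = record.strip().split("$")
        if scheme != "scrypt":
            return False
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
        actual = _derive(candidate, salt, int(n), int(r), int(p))
    except (ValueError, OverflowError):
        # Wrong field count, bad base64, non-numeric or out-of-range parameters.
        return False
    # Constant-time comparison, so timing does not reveal how many bytes matched.
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    import getpass
    record = make_record("admin")  # constructed sample key, same as the answer's
    print("store this line:", record)
    print("match:", check_key(getpass.getpass("Enter your key: "), record))
```

Only the record needs to ship with the program; the key itself never appears in the source or in storage.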