1

I have written a PySide app which needs to send a user name and password to an online server. I am encrypting the password after the user entered it via a QLineEdit widget, but since this is just python code, any user could open up the file and modify the code before the encryption to steal password. Distributing pyc files is not much of a security boost as those can be decompiled AFAIK.

So my thought is to get somebody to write a custom QT widget in C++ with respective PySide bindings, which would be a modified QLineEdit that never stores the plain text, but only the encrypted text based on an external key. Is this a silly idea? Is it doable? Are there any other options? How would you guys handle this?

Cheers, frank

Frank Rueter
  • 729
  • 1
  • 10
  • 21
  • I would compute a checksum on the source code or the whole package and then make the checksum public. that way and with a nice tool (which needs to be checked by itself) every user can check that the code wasn't altered. But then it could still be altered at runtime. – NoDataDumpNoContribution Jan 30 '14 at 14:56

2 Answers2

1

Not really a "silly" idea. It's just that it wouldn't work.

All someone would have to do is to edit some other part of your code and install an event filter on the QApplication instance. With that in place, they could capture every keyboard event before it even reached your custom QLineEdit.

Attempting to fence off parts of your PySide application is never going to work. At the end of the day, it's a python program. Even trying to fence off the entire application by freezing it into an executable comes with a whole host of caveats (see "How do I protect Python code?" for some useful discussion).

You're never going to plug all the holes, no matter what you do (and no matter what language or libraries you use).

At some point you just have to take a breath, draw an artificial line somewhere, and leave it at that.

Community
  • 1
  • 1
ekhumoro
  • 115,249
  • 20
  • 229
  • 336
0

In the first instance, you should ensure you aren't echoing the password to the screen. However, ensuring the QLineEdit never stores the full password is probably not possible securely.

You could override the keystroke commands, and encrypt each incoming character. But per character encryption is not really done nowdays, at least in the form A=E or what have you.

You could do progressive hashes of the string as additional letters come in, but this means a user has 1 attempt to enter their password, as they can't backspace. Any mistake, such as a slipped finger, e.g entering g instead of f would mean needing to erase the whole password and start again - not a very friendly UI.

With regards to your worry of someone editing your code, and then capturing the password between the user entering it, and it being sent off, your being paranoid here. To a certain extent once you've sent of your code, you have little control over it. You could distribute the code with an appropriate MD5 hash for the relevant parts and you can check at run time to make sure the code hasn't been altered.

Even then, if someone has the ability to inject arbitrary code into your program then you have bigger problems. I'm not saying your program is insecure, but if someone malicious has access to a computer with the code, they could just as easily insert a hardware or software keylogger rendering all of your attempts moot.

Write your code as secure as possible, accept that at somepoint the password will be in plaintext somewhere and encode it at the first available opportunity. eg:

import mySecureLibrary
password = mySecureLibrary.saltAndHash(self.ui.passwordField.text())
self.ui.passwordField.setText("HAHA, no password for you")
Community
  • 1
  • 1
  • thanks you for the info. It's the first time I have to deal with this situation so I appreciate this sort of input very much! – Frank Rueter Dec 13 '13 at 04:37