The safest way to encrypt a password in python?
I know it's best to use hash user passwords, and I do this for all other web applications, but this case is slightly different.
I am creating an application that sends email notifications to company employees. Emails will be sent from the company's SMTP servers, so they will need to provide the email / app password credentials for the email account they allocate for this purpose.
Security is important to me and I prefer not to store a password that we can decrypt, but there seems to be no other way to do this. If it matters, this is a multi-tenant web application.
What's the best way in python to encrypt these passwords after hashing them, doesn't help us authenticate with the mail server?
Thank!
Note. The mail server is not on the same network as the web application.
source to share
I faced this problem too. I think ultimately, if you are stuck with creating a plain text password in your application, then all the artifacts for creating the password should be available to the application.
I don't think there is any kind of encryption magic here. Relying on file system rights so that no one can access the data in the first place. Please note that your SSH private key is not encrypted in your home directory. It's just in your home directory and you are counting on Linux to prevent anyone from reading it.
So, make a user for this application and put the passwords in a directory that only that user can access.
source to share
I would highly recommend using BCrypt . There are many benefits to the algorithm, and most implementations handle all of these issues for you.
As described in this answer :
Bcrypt has the best kind of reputation that can be achieved for a cryptographic algorithm: it has been around for quite some time, it is used quite widely, "attracts attention" and yet remains unbroken to this day.
I wrote a detailed article on how to implement BCrypt in python as well as other frameworks here: http://davismj.me/blog/bcrypt p>
source to share