Create a simple authentication system

an alternative to the hopelessly boring hello world examples for an introduction to git

Start creating a script called auth.py

Expected usage:

• run the script
• the script asks for username and password
• if the user is known and password is correct ➔ print "Successfully authenticated!"
• if the user is known and password is wrong ➔ print "Wrong password!"
• if the user is not known ➔ ask to add the user to the password database
• if a user has been added ➔ store the updated database to disk

Basic API:

• a function get_credentials that asks for username and password
• a function authenticate that checks if user is in the password database and that the password is correct
• a function add_user to add a new user with its password to the database
• a function read_pwdb to read the password database from disk
• a function write_pwdb to write the password database to disk

Suggestions:

• the database can be a simple dictionary {username: password}
• the database can be serialized to disk with json
• to experiment you can store the database on a temporary directory
• remember to write the database to disk every time you add a new user

Later, think about the following problems:

• we are leaking valid usernames ➔ return a generic error if username does not exist or password is wrong
• password hashing ➔ do not store passwords in clear text (database could be stolen, admins are nosy). Solution: Do not store passwords at all but only their hashes (database could be stolen)
• password salting ➔ different users with same passwords should not have same hash ⟶ cracking one does not crack all: mitigates dictionary attacks, see below

Addition to the basic API:

• a function pwhash that given a password and a salt returns a hash
• a function get_salt that returns a unique salt

Try to crack it! (Advanced)

• can you guess the hash collision risk for the proposed solution?
• try first a brute force attack: is it feasible?
• try a dictionary attack (you can use this list of probable passwords): is it feasible?
• think about lookup tables and rainbow tables attacks
• what are the trade-offs of the different attacks?

Notes

To make it for real:

• insecure temporary file (symlink race attack) ⟶ tempfile and its context managers
• better way of generating passwords or random tokens: the secrets module
• cracking a password database is a form of art, see for example the John the Ripper password cracker, or Hashcat or Brutus