Hi Nick,
Tbh, I think that you’re overcomplicating this with the dialect='excel': a .csv file is just that; it’s a file in which the record data fields are separated by a comma and each record has a newline terminator, which is why the csv sample I posted looks like this:
7f0b629cbb9d794b3daf19fcd686a30a039b47395545394dadc0574744996a87,a9d137a13239d2d4b7c10830734c7da2dbfea81bb10d8b74a7a4425a08848abe
84313ef39b0a979f0608491608870b3f2065f447d73e4373ba75ae2330aa82b5,a7fdb881ef96729565b682e3f4a9fdbd13275cc81ff8c0f9a5884612b08819bd
The format there is username,password, but that is easy to attack, as you’ll see, if you find the sha256 hashes for nick and rob. If any ‘attacker’ does that, they have 50% of the puzzle solved; now to crack the other half. For your password, that’s not so hard, as I’ve simply used the information that is clearly shown in your posts, but for mine, well, good luck with that.
What would be better? Well, how about the same information stored as:
3c1204eaac8c55fee4aa7cdc226b73023a77b32608688c2514f3fc22c317680a,
39986d061547706ad515a9999268dd97feafed570457f94500251e6b891f82af
Now it’s not so easy, right? But it can still be done, given that we know what the first two hashes are, so the entire system is still reliant on some sensible choices being made by the user, with regard to both their user name and their password, as well as some sensible choices being made by the system designer, so that it’s not so easy for an attacker to suss out the components of the table: enter what @hansgeunsmeyer has posted regarding the use of a ‘salt’, but I think that we’re getting somewhat ahead of the curve right now, as you’ve yet to get the csv read/write working correctly (unless I’ve missed something).
One way forward would be to separate all the operations, putting each of them into their own custom functions, so that you can build and test each function. Then glue all the functions together with some ‘driver code’. Indeed you have already made some good progress with regard to that approach, but you seem to have digressed a little toward the end. I could do all that for you, but I believe that you would learn a great deal more from this project if you were to do that for yourself, posting back with any questions that you may have along the way. In fact, I would go so far as to even farm out the hashing part of the script to its own function, so that the hashing can simply be switched in or out.
Edit to add: you could simplify the question regarding the registration of a new account:
response = False
while not response:
    response = input("Would you like to register a new account? (Y/N)").upper()
    # the .upper() method is used so that the user need not bother about that detail
    if response not in ("Y", "N"):  # now it's easy to test
        response = False
    else:
        if response == "Y":
            register()
        else:  # it has to be N
            pass  # a placeholder for what to do with this event
That should work, but I’ve not tested it; I’ve simply coded that on the fly and as such it may need some tinker time.
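Added example, not part of the original post: one way to keep the hashing in its own switchable function and store a per-user salt in the csv, so that two users with the same password no longer produce the same stored value. The function names, the three-column layout (username, salt, hash), the plain-text username column, the PBKDF2 iteration count and the sample accounts are all assumptions made for this sketch.

```python
import csv
import hashlib
import hmac
import io
import os

ITERATIONS = 600_000  # assumed work factor; tune it for your own hardware

def unsalted_sha256(text):
    """The scheme from the csv sample: the same input always gives the same hash."""
    return hashlib.sha256(text.encode()).hexdigest()

def hash_password(password, salt=None):
    """Salted, deliberately slow hash; returns (salt_hex, hash_hex)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt.hex(), digest.hex()

def verify_password(password, salt_hex, hash_hex):
    """Re-hash with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, hash_hex)

def write_users(stream, users):
    """Write one record per user: username,salt,hash."""
    writer = csv.writer(stream)
    for username, password in users.items():
        writer.writerow([username, *hash_password(password)])

def read_users(stream):
    """Read the csv back into {username: (salt_hex, hash_hex)}."""
    return {row[0]: (row[1], row[2]) for row in csv.reader(stream) if row}

def login(table, username, password):
    record = table.get(username)
    return record is not None and verify_password(password, *record)

def demo():
    # Constructed sample accounts that share one password on purpose.
    users = {"alice": "correct horse", "bob": "correct horse"}
    buffer = io.StringIO()  # stands in for the .csv file
    write_users(buffer, users)
    buffer.seek(0)
    return read_users(buffer)

if __name__ == "__main__":
    table = demo()
    print(table["alice"][1] != table["bob"][1], login(table, "alice", "correct horse"))
```

Swapping hash_password and verify_password for another scheme leaves the csv read/write and the login check untouched.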