maemo.org - Talk


justmemory 2017-04-06 12:10

Re: Share your code
 
Quote:

Originally Posted by juiceme (Post 1526533)
So it hashes the password and saves the hash to a file.
Does the authentication phase then compare a hashed input password against the hash in the file?

What prevents a malicious user from creating a hash for a password, replacing the hash in the file and logging in with the new password?

Yes, it saves the hash;
yes, it compares the inputted text/password as hash to the stored hashed password.

I was thinking about protecting the password file itself somehow but have not yet implemented any solution for that.
But... even if a malicious user created a new password, even the password protection can be removed by hand so the original user/owner can access the database (frankly speaking, even the database should be secured; maybe I shall try that too but I need some learning on how to secure sqlite3 databases. MySQL does that 'out of the box' but that would be a big dependency to be installed...)... It is not a super-secure system yet; I'm not an expert in this field but I'm trying to find solutions for these problems/ideas... So thanks for the suggestion, I will try to implement your observations!

jm

EDIT:// I did some experiments just out of curiosity:
- manually modifying the password file results in the password always being incorrect, even if the correct text/letter is typed back;
- if I do the following from shell:
Code:

echo 'new_password_as_hashed_text' > password
then the password will be incorrect even if the correct text is typed at authentication;
- if a new password is set from under python on the device itself (or maybe generated in python on another system and copied to the appropriate location) then it will work.

juiceme 2017-04-06 13:04

Re: Share your code
 
There are good ways to do it, for example use AES to encrypt/decrypt the data on the fly, only ever storing encrypted data in the db.
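
An added example (not part of juiceme's post and not justmemory's application code) of the point raised in this exchange: a hash file that only gates login can be swapped, while data encrypted under a key derived from the password stays closed. The function names, the `salt$hash` file layout, the iteration count and the HMAC-based keystream (a standard-library stand-in for AES or sqlcipher) are assumptions.

```python
import hashlib, hmac, os
ITERATIONS = 100_000  # assumed work factor for this sketch

def kdf(password, salt, purpose, size=32):
    # PBKDF2-HMAC-SHA256; 'purpose' keeps the login hash and the data key unrelated
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt + purpose, ITERATIONS, size)

def make_verifier(password):
    # Text for the password file, in an assumed 'salt$hash' hex layout
    salt = os.urandom(16)
    return salt.hex() + "$" + kdf(password, salt, b"login").hex()

def check_password(password, file_text):
    # Gate-only check: it trusts whatever the password file holds right now
    try:
        salt_hex, hash_hex = file_text.strip().split("$")  # strip(): echo appends "\n"
        salt, want = bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)
    except ValueError:
        return False  # malformed or hand-edited file
    return hmac.compare_digest(kdf(password, salt, b"login"), want)

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode as keystream (stand-in for AES, not for production)
    stream = b""
    for ctr in range(len(data) // 32 + 1):
        stream += hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(password, plaintext):
    # Encrypt-then-MAC under keys derived from the password; no key is stored
    salt, nonce = os.urandom(16), os.urandom(16)
    keys = kdf(password, salt, b"data", 64)
    ct = _xor_stream(keys[:32], nonce, plaintext)
    tag = hmac.new(keys[32:], nonce + ct, hashlib.sha256).digest()
    return salt + nonce + tag + ct

def unseal(password, blob):
    # Returns the plaintext, or None when the password does not match the data
    salt, nonce, tag, ct = blob[:16], blob[16:32], blob[32:64], blob[64:]
    keys = kdf(password, salt, b"data", 64)
    good = hmac.new(keys[32:], nonce + ct, hashlib.sha256).digest()
    return _xor_stream(keys[:32], nonce, ct) if hmac.compare_digest(tag, good) else None

if __name__ == "__main__":
    blob = seal("owner-pass", b"2017-04-06;groceries;12.50")   # constructed record
    swapped = make_verifier("other-pass")                      # file replaced by hand
    print(check_password("other-pass", swapped + "\n"))        # gate opens
    print(unseal("other-pass", blob))                          # data stays closed
    print(unseal("owner-pass", blob))
```

The login check passes for whoever last wrote the password file, so that file needs the same protection as the data; the sealed record only opens with the password it was created under.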

sicelo 2017-04-06 14:35

Re: Share your code
 
Quote:

Originally Posted by justmemory (Post 1522639)
.
Please note that I'm not a programmer; it is just a hobby for me

The code looks amazing to me :)

justmemory 2017-12-20 22:43

Re: Share your code
 
Hi All!

I made some improvements again and hopefully you will find these useful.

So, I was thinking about protecting the financial data and of course the protection of the database appeared to be the best idea.
For this purpose I found that sqlcipher would do the trick; it has a python binding and I would not have to use encryption-decryption on the fly as sqlcipher uses "pragma key".
I dropped the previous password protection method as the user has to enter the key at startup of the application. The key is not stored anywhere (except the default key - "temporary_key" - when creating a new database the first time the app runs) in the app; it "appears" only when running the app, which asks for it directly, so I did not even use hashlib as I think it is not necessary.

The "main" (?) sqlcipher I found on github did not work on arm, so I searched and found a version for Android which I used to build my own with checkinstall. The installation won't overwrite sqlite3; it just creates sqlite3 executable in /usr/local/bin and that comes default.

For pysqlcipher I used version 2.6.3; this will be "installed" as well.

From now on you can find this on GitHub.

jm

justmemory 2018-02-13 07:50

Re: Share your code
 
Hi All!

I happened to successfully install neovim 0.1.7-4 on my n900. You can find the details here.

jm

Edit:// Opened a separate thread for this.

sicelo 2018-02-13 12:29

Re: Share your code
 
Quote:

Originally Posted by justmemory (Post 1541092)
Hi All!

I happened to successfully install neovim 0.1.7-4 on my n900. You can find the details here.

jm

Awesome work. Maybe better to create a new thread for that though ...
Also, might be a great idea to get it in repositories :)

justmemory 2018-02-13 12:51

Re: Share your code
 
Quote:

Originally Posted by sicelo (Post 1541101)
Awesome work. Maybe better to create a new thread for that though ...
Also, might be a great idea to get it in repositories :)

Thanks!

Hmm... About getting this in the repos...: it would need the libc6_2.10 to be also in the repos and I do not know whether it is a good idea or not... AapoRantalainen's words

