Encrypt User Password at Rest

[wesker-albert]

Describe the solution you'd like

I'm unsure if this is the case for all OS, but I've noticed that on Linux, user passwords are stored in plaintext in the config file. This makes me a bit uncomfortable, and puts the user at unnecessary risk.

It'd be nice if the password were salted and hashed, using passlib or similar.

Additional context

N/A

[wesker-albert]

hashlib would likely be the pure python solution.

[mathiascode]

We can't change the Soulseek protocol or server, so hashing wouldn't be possible. The best we could do is store the password in the system keyring.

[wesker-albert]

We can't change the Soulseek protocol or server, so hashing wouldn't be possible. The best we could do is store the password in the system keyring.

I suppose what I meant was hash it for local storage, then decrypt the hash before authorizing with the server.

To your point though, keyring seems like it could be a more elegant solution.

[hboetes]

Even if you store it securely on the system, the password will be transmitted unencrypted over the network as soon as you log in. If you don't trust your local admin, you shouldn't use the system.