.pyc files and naive encryption

Question

I have a fairly naive thing I want to do and I want to know if someone can answer can tell me if this is just flat out stupid. If what I am going to ask is not stupid but perhaps naive, I'd appreciate if I can get a nudge in a correct direction.

I have a file named pwds.py . Its contents are

 import hashlib class Pwds: def __init__(self): pass def printGood(self,key): y = hashlib.sha1() y.update(key.encode('ascii')) if y.hexdigest() == "db5f60442c78f08eefb0a2efeaa860b071c4cdae": print("You entered the correct key!") else: print("Intruder!") 

Then I have another file named runme.py , whose contents are

 import pwds x = input("Please type the password: ") y = pwds.Pwds() y.printGood(x) x = input("Press any key to end") 

The first time runme.py is run, a pwds.pyc file is created. My thought was that once the .pyc file was created, I could delete pwds.py and run runme.py as normal. Additionally, I thought the contents of pwds.py would be contained in .pyc but made unreadable since this is a "compiled" Python file. Thus, while I can delete pwds.py and successfully run runme.py , pwds.pyc is pretty much readable if I open it in, say, Notepad.

Thus, the question(s) in general: How can I keep the contents of pwds.py unreadable? What I wanted to do with the above code was to keep "secret" information in a Python file, compile it, and have its contents be accessible only if the correct key were typed. Is this approach too stupid to even consider? I didn't want to get into writing a "garbler" and a "degarbler". I thought this would be a simple and cheap solution.

Thanks for reading this! Please let me know if there is any other information I should provide.

Answer 1

The .pyc file simply contains the compiled python code so it doesn't need to be recompiled everytime you run your program. Thus all strings in it are still readable (you could always look at the binary contents or step through the program via the pdb debugger).

If you want to protect something in your code with a password, you have to encrypt it with strong encryption and only store the encrypted version. The users's key/password is then used to decrypt the data.