Generally speaking, never save a password in source code, not even an encrypted password.
The reason is that anyone who gets access to the source code also gets the password. However, if I insist on doing that, what should I do?
For my doyouhavemypwd.com, I am going to:
Save the password in a separate file outside the git-tracked directory.
Make the password file readable/writable only by the server's root user.
Store hash(password + salt).
The hash must not be something like MD5 (too weak), and an encryption algorithm must not be used in place of the hash function.
Salt: should be randomly generated.
Use an established cryptographic hash solution instead of inventing your own.
Generate a long salt with a CSPRNG instead of using your own random algorithm or, even worse, a constant or a loop.
The salt can be stored in plain text alongside the hashed password.
Platform: CSPRNG
PHP: mcrypt_create_iv, openssl_random_pseudo_bytes
Java: java.security.SecureRandom
Dot NET (C#, VB): System.Security.Cryptography.RNGCryptoServiceProvider
Ruby: SecureRandom
Python: os.urandom
Perl: Math::Random::Secure
C/C++ (Windows API): CryptGenRandom
Any language on GNU/Linux or Unix: Read from /dev/random or /dev/urandom
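The steps above put together in Python, as an added example that is not code from the original post. It assumes PBKDF2-HMAC-SHA256 from the standard library as the vetted salted hash (the post does not name one); the salt length, iteration count, record format and function names are also assumptions, and the file ends up owned by whichever user runs the code (root on the server described above).

```python
import hashlib
import hmac
import os

SALT_BYTES = 16        # assumed salt length
ITERATIONS = 600_000   # assumed PBKDF2 work factor


def hash_password(password, salt=None):
    """Return 'salt_hex$hash_hex'; the salt is kept in plain text with the hash."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # CSPRNG from the platform table
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"


def verify_password(password, record):
    """Recompute the hash with the stored salt and compare in constant time."""
    salt_hex, digest_hex = record.strip().split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), ITERATIONS
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def store_record(path, record):
    """Write the record to a file that only its owner can read or write."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    try:
        os.fchmod(fd, 0o600)  # enforce the mode even if the file already existed
        os.write(fd, record.encode("ascii") + b"\n")
    finally:
        os.close(fd)


def load_record(path):
    """Refuse to use the file if group or others have any access to it."""
    mode = os.stat(path).st_mode & 0o777
    if mode & 0o077:
        raise PermissionError(f"{path} has mode {oct(mode)}, expected 0o600")
    with open(path, "r", encoding="ascii") as handle:
        return handle.read().strip()


if __name__ == "__main__":
    # Constructed sample path and password; keep the real file outside the git tree.
    store_record("/tmp/example_pw.hash", hash_password("constructed-sample-password"))
    record = load_record("/tmp/example_pw.hash")
    print(verify_password("constructed-sample-password", record))
```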
Answer: System like Pythia
Jiayang, Sun 27 February 2017