On Tue, Sep 22, 2015 at 08:56:24AM +0900, Stephen J. Turnbull wrote:
Steven D'Aprano writes:
I wouldn't include punctuation [in the password alphabet] by default, as too many places still prohibit some, or all, punctuation characters.
Do you really expect users to choose their own random passwords using this function?
I don't know. Perhaps they will. I'm not entirely sure what the use-case of this password generator is, since I'm pretty sure that "real" password generators have to deal with far more complicated rules.
I would expect that this function would be used for initial system-generated passwords (or system-enforced random passwords), and the system would have control over the admissible set.
Perhaps so. But then how does the application get the password to the user? Via unencypted email, like mailman does? I expect that the only use-case for an application generating a password for the user would be "low security" applications where the password has low value. But maybe others disagree. I don't really have a strong opinion one way or another. -- Steve