[Python-ideas] Pre-PEP Adding A Secrets Module To The Standard Library
Steven D'Aprano
steve at pearwood.info
Tue Sep 22 05:40:44 CEST 2015
On Tue, Sep 22, 2015 at 08:56:24AM +0900, Stephen J. Turnbull wrote:
> Steven D'Aprano writes:
>
> > I wouldn't include punctuation [in the password alphabet] by
> > default, as too many places still prohibit some, or all,
> > punctuation characters.
>
> Do you really expect users to choose their own random passwords using
> this function?
I don't know. Perhaps they will. I'm not entirely sure what the use-case
of this password generator is, since I'm pretty sure that "real"
password generators have to deal with far more complicated rules.
> I would expect that this function would be used for
> initial system-generated passwords (or system-enforced random
> passwords), and the system would have control over the admissible set.
Perhaps so. But then how does the application get the password to the
user? Via unencypted email, like mailman does?
I expect that the only use-case for an application generating a password
for the user would be "low security" applications where the password has
low value.
But maybe others disagree. I don't really have a strong opinion one way
or another.
--
Steve
More information about the Python-ideas
mailing list