[Python-ideas] Pre-PEP Adding A Secrets Module To The Standard Library

Steven D'Aprano steve at pearwood.info
Tue Sep 22 05:40:44 CEST 2015

On Tue, Sep 22, 2015 at 08:56:24AM +0900, Stephen J. Turnbull wrote:
> Steven D'Aprano writes:
>  > I wouldn't include punctuation [in the password alphabet] by
>  > default, as too many places still prohibit some, or all,
>  > punctuation characters.
> Do you really expect users to choose their own random passwords using
> this function? 

I don't know. Perhaps they will. I'm not entirely sure what the use-case 
of this password generator is, since I'm pretty sure that "real" 
password generators have to deal with far more complicated rules.

> I would expect that this function would be used for
> initial system-generated passwords (or system-enforced random
> passwords), and the system would have control over the admissible set.

Perhaps so. But then how does the application get the password to the 
user? Via unencypted email, like mailman does?

I expect that the only use-case for an application generating a password 
for the user would be "low security" applications where the password has 
low value.

But maybe others disagree. I don't really have a strong opinion one way 
or another.


More information about the Python-ideas mailing list