[Python-ideas] Pre-PEP Adding A Secrets Module To The Standard Library

Nick Coghlan ncoghlan at gmail.com
Tue Sep 22 13:56:02 CEST 2015

On 22 September 2015 at 09:56, Stephen J. Turnbull <stephen at xemacs.org> wrote:
> Steven D'Aprano writes:
>  > I wouldn't include punctuation [in the password alphabet] by
>  > default, as too many places still prohibit some, or all,
>  > punctuation characters.
> Do you really expect users to choose their own random passwords using
> this function?  I would expect that this function would be used for
> initial system-generated passwords (or system-enforced random
> passwords), and the system would have control over the admissible set.
> But users who have to conform to somebody else's rules much prefer
> obfuscated passwords that pass strength tests to random passwords in
> my experience.

Right, the primary use case here is "web developer creating a default
password for an automatically created admin account" (for example),
not "end user creating a password for an arbitrary service".

We don't want to overgeneralise the canned recipes - keep them dirt
simple, and if folks want something slightly different, we can go the
itertools path and have recipes in the documentation.


Nick Coghlan   |   ncoghlan at gmail.com   |   Brisbane, Australia

More information about the Python-ideas mailing list