password security

Anders M Eriksson anders.eriksson at morateknikutveckling.se
Fri May 19 14:43:15 CEST 2000


On Fri, 19 May 2000 04:10:33 -0400, "Tim Peters"
<tim_one at email.msn.com> wrote:

>> Is this secure on any level?
>
>MD5 is still widely thought to be secure, although Nagging Doubts Have Been
>Raised.  The biggest risk with any password scheme is that people tend to
>pick easily-guessed passwords, and IMO that swamps the risk due to MD5.  sha

Thanks for the answer I think I understand. The random string will not
add to the security, because it's easy to retrieve the data from the
python byte-code.

And the md5.digest() will not be any more secure for a long password
than for a short one. the only difference is that with a brute force
attach the short one will probably occur earlier.

Since this application isn't aimed at an audience of cypherpunks or
similar I will just use the simple:

md5.new(user+pw)


// Anders





More information about the Python-list mailing list