Simple Password Strength Checker Review Help needed

Paul Rubin no.email at nospam.invalid
Wed Jan 27 08:14:31 CET 2010


"Mallikarjun(ಮಲ್ಲಿಕಾರ್ಜುನ್)" <mallik.v.arjun at gmail.com> writes:
>   Since this is my first app/program, can someone review my code (just
>   over 150 lines) and help me improve my programming capabilities

I didn't look at the code.  From a security point of view, the concept
of "password strength checking" is pretty dubious.  If you want secure
passwords, generate them from a random number source and assign them to
the users.  Don't have the users make up their own passwords.  It's
relatively (compared to using a computer file exposed to remote internet
attacks) for users to write down the the random passwords on paper, as
long as they're a little bit careful.  As Bruce Schneier put it:

    "My wallet is already a secure container; it has valuable things in
    it, and I have a lifetime of experience keeping it safe. Adding a
    piece of paper with my passwords seems like a natural thing to do."



More information about the Python-list mailing list