Another security question

Paul Rubin at nospam.invalid
Sat Dec 24 03:08:16 EST 2016

Chris Angelico <rosuav at> writes:
> Correct. However, weak passwords are ultimately the user's
> responsibility, where the hashing is the server's responsibility.

No, really, the users are part of the system and therefore the system
designer must take the expected behavior of actual users into account.
The idea is to prevent breaches, not to allow them as long as the blame
can be shifted to someone else.

More information about the Python-list mailing list