Path: csiph.com!v102.xanadu-bbs.net!xanadu-bbs.net!goblin1!goblin2!goblin.stu.neva.ru!newsfeed.xs4all.nl!newsfeed2a.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.007 X-Spam-Evidence: '*H*': 0.99; '*S*': 0.00; 'represents': 0.05; 'allowed.': 0.07; 'suppose': 0.07; 'occasionally': 0.09; 'subject:language': 0.09; 'subject:string': 0.09; 'wrong,': 0.09; 'cc:addr:python-list': 0.11; 'random': 0.14; '"/"': 0.16; 'from:addr:pobox.com': 0.16; 'from:addr:skip': 0.16; 'stumbling': 0.16; 'subject:generation': 0.16; 'subject:random': 0.16; 'thread,': 0.16; 'uppercase': 0.16; '\xc2\xa0you': 0.16; 'sender:addr:gmail.com': 0.17; 'pfxlen:0': 0.19; 'platforms': 0.22; 'separate': 0.22; 'cc:addr:python.org': 0.22; 'skip': 0.24; 'cc:2**0': 0.24; 'define': 0.26; 'least': 0.26; '(for': 0.26; 'header:In-Reply-To:1': 0.27; 'point': 0.28; 'character': 0.29; 'topic': 0.29; 'related': 0.29; 'characters': 0.30; 'message- id:@mail.gmail.com': 0.30; '(which': 0.31; 'though.': 0.31; 'probably': 0.32; 'figure': 0.32; 'run': 0.32; 'could': 0.34; 'common': 0.35; 'something': 0.35; 'but': 0.35; 'received:google.com': 0.35; 'there': 0.35; 'sometimes': 0.38; 'skip:& 10': 0.38; 'whatever': 0.38; 'extremely': 0.39; 'number,': 0.60; 'free': 0.61; 'back': 0.62; 'telling': 0.64; 'to:addr:gmail.com': 0.65; 'p.s.': 0.66; 'contact': 0.67; 'lowest': 0.74; 'special': 0.74; 'discover': 0.82; 'characters,': 0.84; 'keeper': 0.84; 'notion': 0.91; 'thoughts,': 0.91 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=enIgt98HmvLWb6uVY2U+5BXDDByfyvXoFhELTlg/RRw=; b=czSEKuJxyxa6j8EGclBaOaVfPI9LvcGdF0Fxxq4GhjI7wGJtOyn+mmIw/lHQwF2q5d XoreEUS/liPrHl1AI8eXI746v0wJnT+S1NLoI8fBLNYxUqjJ4gCVwyRUuel1v8MgM4bg 1UCdBiId7KiqS2oOUTkm7BNUIMIzovNyoPQcn2babiBOiE6XgI/DXIhyJjJoaoZTSi/g RM3OphMkzNr23q9tf94hs1KzfnlkgsegeEa2qzHlauYRaSbkAUHd7++nMSeXbad5qky3 zZdoSRalDsgdKEn2gxQ7AwVhneoPHPeBiiOPk+awvwoJ76CUIcPKrnH/6+pBdLovlkhw weAg== MIME-Version: 1.0 X-Received: by 10.50.33.100 with SMTP id q4mr5825321igi.8.1407508512087; Fri, 08 Aug 2014 07:35:12 -0700 (PDT) Sender: skip.montanaro@gmail.com In-Reply-To: <14d94692-2257-4dfb-a82f-f1674a839233@googlegroups.com> References: <14d94692-2257-4dfb-a82f-f1674a839233@googlegroups.com> Date: Fri, 8 Aug 2014 09:35:12 -0500 X-Google-Sender-Auth: iHIaWqM0LlL8oaW6MVre3cWPOEo Subject: Re: Template language for random string generation From: Skip Montanaro To: Paul Wolf Content-Type: multipart/alternative; boundary=089e0158b034e1c19e05001f1c65 Cc: Python X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Newsgroups: comp.lang.python Message-ID: Lines: 63 NNTP-Posting-Host: 2001:888:2000:d::a6 X-Trace: 1407508515 news.xs4all.nl 2943 [2001:888:2000:d::a6]:45566 X-Complaints-To: abuse@xs4all.nl Xref: csiph.com comp.lang.python:75890 --089e0158b034e1c19e05001f1c65 Content-Type: text/plain; charset=UTF-8 One suggestion, though perhaps nothing actually needs changing. I occasionally run into sites which define their password constraints as something like "minimum 8 characters, at least one number, one uppercase letter, and one special character." Their notion of "special" (which in my mind means any printable character which isn't a letter, whitespace, or digit) is only a subset. You include a "/" or a ";" and they kick your nice random password back at you, sometimes without telling you what you actually did wrong, only repeating, "minimum 8 characters, at least one number and one special character." You are left to discover through trial-and-error which "special" characters are actually allowed. Once you figure that out, I suppose you could use something like "[.-,()&@]" or whatever is actually allowed, but it would be nice if perhaps there was a way to figure out what some of these sites actually mean by "special" characters and define a \-escape which represents the lowest common denominator set of "special" characters. Definitely a small point though. Skip P.S. Probably a topic for a separate thread, and not actually Python-related, but on a related note, I have never found a free password keeper which works on all my platforms (Mac, Android, Unix). That is one stumbling block (for me) to actually using extremely strong passwords. If you have some thoughts, please contact me off-list. --089e0158b034e1c19e05001f1c65 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
One suggestion, though perhaps = nothing actually needs changing.

=
I occasionally run into sites which define their= password constraints as something like "minimum 8 characters, at leas= t one number, one uppercase letter, and one special character." Their = notion of "special" (which in my mind means any printable charact= er which isn't a letter, whitespace, or digit) is only a subset. =C2=A0= You include a "/" or a ";" and they kick your nice rand= om password back at you, sometimes without telling you what you actually di= d wrong, only repeating,=C2=A0"minimum 8 characters, at least one numb= er and one special character." You are left to discover through trial-= and-error which "special" characters are actually allowed. Once y= ou figure that out, I suppose you could use something like "[.-,()&= ;@]" or whatever is actually allowed, but it would be nice if perhaps = there was a way to figure out what some of these sites actually mean by &qu= ot;special" characters and define a \-escape which represents the lowe= st common denominator set of "special" characters.

Definitely = a small point though.

Skip

P.S. Probably a topic for a separate thread, and not actually Python-relate= d, but on a related note, I have never found a free password keeper which w= orks on all my platforms (Mac, Android, Unix). That is one stumbling block = (for me) to actually using extremely strong passwords. If you have some tho= ughts, please contact me off-list.

--089e0158b034e1c19e05001f1c65--