Path: csiph.com!v102.xanadu-bbs.net!xanadu-bbs.net!feeder.erje.net!eu.feeder.erje.net!xlned.com!feeder5.xlned.com!newsfeed.xs4all.nl!newsfeed1.news.xs4all.nl!xs4all!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.008 X-Spam-Evidence: '*H*': 0.98; '*S*': 0.00; 'specific.': 0.09; 'subject:language': 0.09; 'subject:string': 0.09; 'cc:addr:python- list': 0.11; 'random': 0.14; 'fly': 0.16; 'said.': 0.16; 'subject:generation': 0.16; 'subject:random': 0.16; 'to:addr:pearwood.info': 0.16; 'to:addr:steve+comp.lang.python': 0.16; "to:name:steven d'aprano": 0.16; 'wrote:': 0.18; 'meant': 0.20; '>>>': 0.22; 'aug': 0.22; 'saying': 0.22; 'cc:addr:python.org': 0.22; 'password.': 0.24; 'cc:2**0': 0.24; "i've": 0.25; 'header:In-Reply-To:1': 0.27; 'am,': 0.29; 'message- id:@mail.gmail.com': 0.30; "d'aprano": 0.31; 'steven': 0.31; 'worked': 0.33; 'no,': 0.35; 'but': 0.35; 'received:google.com': 0.35; 'passwords': 0.36; 'so,': 0.37; 'pm,': 0.38; 'new': 0.61; "you're": 0.61; 'good,': 0.91; 'passwords,': 0.91; 'serious': 0.97 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=T6E1CWm61hdKB496U+4qgQVHGyEa7alvEbFJHJhdT74=; b=Zl5RXcUzupJ3DL1kszq1zQjoyhczD1rO6UUjmSrL0hl1/Jmsca/PTxVIycjCzhckFm dfzU5MXGOpYYjY2tr6Ye8TIAHqZyTwMuI0/WkF2qCh9kEEKc1g0I/SVf9g3mKsVS9y23 v0IojKo3T6qpZvap2QhZo82fWmkjFylqX0WwqXj3sSE/J/dZQ5mHp6HjKUdGIXjL7qhr RjLeRB7Cu/QSt9nYffVOIHa3W3cn01tLBgjzFXDQbUpOfmKzp8Yj7iG35JvTHTVWJSDl bRl81KKqZ7LHQQjUTNn1zAGmOMeuc8pwAFyjadh+8IwNSdIowovu0vgrydz7unvUNI+n za0Q== X-Received: by 10.140.24.140 with SMTP id 12mr19192771qgr.11.1407740559325; Mon, 11 Aug 2014 00:02:39 -0700 (PDT) MIME-Version: 1.0 In-Reply-To: <53e828e9$0$29966$c3e8da3$5496439d@news.astraweb.com> References: <14d94692-2257-4dfb-a82f-f1674a839233@googlegroups.com> <53e79e46$0$29967$c3e8da3$5496439d@news.astraweb.com> <53e828e9$0$29966$c3e8da3$5496439d@news.astraweb.com> From: Devin Jeanpierre Date: Mon, 11 Aug 2014 00:01:58 -0700 Subject: Re: Template language for random string generation To: "Steven D'Aprano" Content-Type: text/plain; charset=UTF-8 Cc: "comp.lang.python" X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Newsgroups: comp.lang.python Message-ID: Lines: 24 NNTP-Posting-Host: 2001:888:2000:d::a6 X-Trace: 1407740566 news.xs4all.nl 2936 [2001:888:2000:d::a6]:42953 X-Complaints-To: abuse@xs4all.nl Xref: csiph.com comp.lang.python:76028 On Sun, Aug 10, 2014 at 7:22 PM, Steven D'Aprano wrote: > Devin Jeanpierre wrote: > >> On Sun, Aug 10, 2014 at 9:31 AM, Steven D'Aprano >> wrote: > >>> I don't think that using a good, but not cryptographically-strong, random >>> number generator to generate passwords is a serious vulnerability. What's >>> your threat model? >> >> I've always wanted a password generator that worked on the fly based >> off of a master password. If the passwords are generated randomly but >> not cryptographically securely so, then given sufficiently many >> passwords, the master password might be deduced. > > o_O > > So, what you're saying is that you're concerned that if an attacker has all > your passwords, they might be able to generate new passwords? No, I meant what I said. I was pretty specific. -- Devin