Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #67498

Re: Password validation security issue

Path csiph.com!v102.xanadu-bbs.net!xanadu-bbs.net!eternal-september.org!feeder.eternal-september.org!news.stack.nl!newsfeed.xs4all.nl!newsfeed3.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail
Return-Path <ian.g.kelly@gmail.com>
X-Original-To python-list@python.org
Delivered-To python-list@mail.python.org
X-Spam-Status OK 0.022
X-Spam-Evidence '*H*': 0.96; '*S*': 0.00; 'binary': 0.07; 'debugging': 0.07; 'intermediate': 0.07; 'guys!': 0.09; 'linear': 0.09; 'replication': 0.09; 'runs': 0.10; 'python': 0.11; 'suggest': 0.14; 'question.': 0.14; 'random': 0.14; 'posted': 0.15; 'general.': 0.16; 'learnt': 0.16; 'protecting': 0.16; 'script,': 0.16; 'storing': 0.16; 'subject:Password': 0.16; 'subject:issue': 0.16; 'subject:security': 0.16; 'wrote:': 0.18; 'written': 0.21; 'separate': 0.22; 'sends': 0.24; "shouldn't": 0.24; 'math': 0.24; 'script': 0.25; 'header:In-Reply-To:1': 0.27; 'message-id:@mail.gmail.com': 0.30; "i'm": 0.30; 'code': 0.31; 'reply.': 0.31; 'requests': 0.31; 'class': 0.32; 'service,': 0.32; 'another': 0.32; 'actual': 0.34; 'could': 0.34; 'but': 0.35; 'received:google.com': 0.35; 'passwords': 0.36; 'material': 0.36; "i'll": 0.36; 'so,': 0.37; 'implement': 0.38; 'thank': 0.38; 'to:addr:python-list': 0.38; 'pm,': 0.38; 'does': 0.39; 'to:addr:python.org': 0.39; 'how': 0.40; 'course.': 0.60; 'is.': 0.60; 'year.': 0.61; 'numbers': 0.61; 'took': 0.61; 'matter': 0.61; 'simple': 0.61; "you've": 0.63; 'skip:n 10': 0.64; 'more': 0.64; 'effectively': 0.66; 'mar': 0.68; 'secure': 0.71; 'attention': 0.75; 'account.': 0.80; 'algorithm,': 0.84; 'locked': 0.84; 'stochastic': 0.84; 'simulation': 0.91; 'thing,': 0.91
DKIM-Signature v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type:content-transfer-encoding; bh=3whRYT6H1GivR0CItDbtFGymXwJrLQxhIndQb9XoN48=; b=Y36jLBVca4BvKtKaIwR6v3yuZ2RiGWvTclIa3tZRjFRgSE0ObhPFBbS8g4GYLZ1hWz mWYSVqwqxrzGYP9YX/WfytErxLeFgRtjTwWBO/4yp85UbYqDSi0liafGayTAVs0RDabP gTaVpnocBE3ZzzhQglTrWB1ekDEQgw8vz0QuYeY3zsNxtEH8iRbEeQQ96FuV6CwhzoDS X+YCsxX7U9fOheyaiez/OyefVxmULGArv7QivnII7GKNk3LuYWoqMHD9nKdUD9/i8YFK RvHXLwXUThUd3mnEZ3du7rJ3HC+INDZRaJMb1i3eqdEIzREa2ajysUPfet0NnEsUTu+1 ribw==
X-Received by 10.66.171.76 with SMTP id as12mr16898211pac.52.1393811407424; Sun, 02 Mar 2014 17:50:07 -0800 (PST)
MIME-Version 1.0
In-Reply-To <fe1cbc09-7004-42b4-b1ed-69b8083013eb@googlegroups.com>
References <09f43567-779e-4d01-8621-c4eb36354d99@googlegroups.com> <fe1cbc09-7004-42b4-b1ed-69b8083013eb@googlegroups.com>
From Ian Kelly <ian.g.kelly@gmail.com>
Date Sun, 2 Mar 2014 18:49:27 -0700
Subject Re: Password validation security issue
To Python <python-list@python.org>
Content-Type text/plain; charset=ISO-8859-1
Content-Transfer-Encoding quoted-printable
X-BeenThere python-list@python.org
X-Mailman-Version 2.1.15
Precedence list
List-Id General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe <https://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive <http://mail.python.org/pipermail/python-list/>
List-Post <mailto:python-list@python.org>
List-Help <mailto:python-list-request@python.org?subject=help>
List-Subscribe <https://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups comp.lang.python
Message-ID <mailman.7617.1393811410.18130.python-list@python.org> (permalink)
Lines 29
NNTP-Posting-Host 2001:888:2000:d::a6
X-Trace 1393811410 news.xs4all.nl 2903 [2001:888:2000:d::a6]:41476
X-Complaints-To abuse@xs4all.nl
Xref csiph.com comp.lang.python:67498

Show key headers only | View raw

On Sun, Mar 2, 2014 at 4:10 PM, Renato <rvernucio@gmail.com> wrote:
> I would like to thank every one who posted a reply. I learnt a lot from you, guys! I appreciate your attention and your help :)
>
> I took a class on Computer Simulation last year. It was told that deterministic (pseudo-)random numbers are excellent for simulations, because they allow debugging and replication when using a seed(). But it was said that deterministic random numbers weren't indeed suitable for encryption and security issues in general. For this purpose, non-deterministc stochastic methods would be more indicated. I learnt a lot about deterministic random numbers generation in this course, like using Mersenne Twister algorithm, but I learnt nothing about encryption, since it wasn't in the scope of that course. Could you suggest some introductory material concerning encryption? I have an intermediate math background (calculus, linear algebra etc) and I'm willing to learn more about security matters.
>
> One last thing, about my original question. So, the only way of encapsulating a Python script content is to code a simple binary program to call it?

Another alternative would be to implement the script as a service that
runs under a separate account.  All the user can directly access is a
client script that sends requests to the service, which does the
actual work and is effectively encapsulated.

I'll also reiterate what others have written about protecting
passwords.  No matter how much you think you've locked down the
script, you shouldn't be storing plaintext passwords *anywhere*.
Remember that nothing that you code will ever be as secure as you
think it is.

Back to comp.lang.python | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread

Thread

Password validation security issue Renato <rvernucio@gmail.com> - 2014-03-01 09:49 -0800
  Re: Password validation security issue Chris Angelico <rosuav@gmail.com> - 2014-03-02 05:11 +1100
  Re: Password validation security issue Christian Heimes <christian@python.org> - 2014-03-01 19:31 +0100
  Re: Password validation security issue Tim Chase <python.list@tim.thechases.com> - 2014-03-01 12:38 -0600
  Re: Password validation security issue Chris Angelico <rosuav@gmail.com> - 2014-03-02 05:43 +1100
  Re: Password validation security issue Chris Angelico <rosuav@gmail.com> - 2014-03-02 05:45 +1100
  Re: Password validation security issue Christian Heimes <christian@python.org> - 2014-03-01 20:54 +0100
    Re: Password validation security issue Roy Smith <roy@panix.com> - 2014-03-01 15:25 -0500
      Re: Password validation security issue Christian Heimes <christian@python.org> - 2014-03-01 23:07 +0100
      Re: Password validation security issue Chris Angelico <rosuav@gmail.com> - 2014-03-02 09:13 +1100
  Re: Password validation security issue Chris Angelico <rosuav@gmail.com> - 2014-03-02 07:11 +1100
  Re: Password validation security issue Christian Heimes <christian@python.org> - 2014-03-02 20:25 +0100
    Re: Password validation security issue Roy Smith <roy@panix.com> - 2014-03-02 15:01 -0500
      Re: Password validation security issue Chris Angelico <rosuav@gmail.com> - 2014-03-03 07:32 +1100
      Re: Password validation security issue Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2014-03-03 01:16 +0000
        Re: Password validation security issue Ian Kelly <ian.g.kelly@gmail.com> - 2014-03-02 18:52 -0700
          Re: Password validation security issue Steven D'Aprano <steve@pearwood.info> - 2014-03-03 04:38 +0000
            Re: Password validation security issue Chris Angelico <rosuav@gmail.com> - 2014-03-03 16:44 +1100
            Re: Password validation security issue Ian Kelly <ian.g.kelly@gmail.com> - 2014-03-02 23:50 -0700
        Re: Password validation security issue Chris Angelico <rosuav@gmail.com> - 2014-03-03 13:56 +1100
          Re: Password validation security issue Roy Smith <roy@panix.com> - 2014-03-03 08:41 -0500
            Re: Password validation security issue Chris Angelico <rosuav@gmail.com> - 2014-03-04 00:55 +1100
              Re: Password validation security issue Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2014-03-03 16:46 +0000
                Re: Password validation security issue Chris Angelico <rosuav@gmail.com> - 2014-03-04 05:46 +1100
            Re: Password validation security issue MRAB <python@mrabarnett.plus.com> - 2014-03-03 16:29 +0000
            Re: Password validation security issue Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2014-03-03 17:41 +0000
  Re: Password validation security issue Renato <rvernucio@gmail.com> - 2014-03-02 15:10 -0800
    Re: Password validation security issue Ian Kelly <ian.g.kelly@gmail.com> - 2014-03-02 18:49 -0700
    Re: Password validation security issue Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2014-03-03 02:30 +0000

csiph-web