Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #67503

Re: Password validation security issue

Path csiph.com!v102.xanadu-bbs.net!xanadu-bbs.net!news.mixmin.net!feeds.phibee-telecom.net!newsfeed.xs4all.nl!newsfeed3a.news.xs4all.nl!xs4all!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail
Return-Path <ian.g.kelly@gmail.com>
X-Original-To python-list@python.org
Delivered-To python-list@mail.python.org
X-Spam-Status UNSURE 0.313
X-Spam-Level ***
X-Spam-Evidence '*H*': 0.39; '*S*': 0.01; 'keys,': 0.09; 'subject:Password': 0.16; 'subject:issue': 0.16; 'subject:security': 0.16; 'wrote:': 0.18; 'written': 0.21; 'holds': 0.26; 'header:In-Reply-To:1': 0.27; 'message- id:@mail.gmail.com': 0.30; "d'aprano": 0.31; 'keys': 0.31; 'piece': 0.31; 'steven': 0.31; 'class': 0.32; 'there.': 0.32; 'up.': 0.33; 'could': 0.34; "can't": 0.35; 'but': 0.35; 'received:google.com': 0.35; 'there': 0.35; 'passwords': 0.36; 'problems': 0.38; 'somebody': 0.38; 'to:addr:python-list': 0.38; 'pm,': 0.38; 'does': 0.39; 'expensive': 0.39; 'to:addr:python.org': 0.39; 'how': 0.40; 'even': 0.60; 'guy': 0.60; 'break': 0.61; 'phone': 0.66; 'mar': 0.68; 'lose': 0.68; 'nobody': 0.68; 'secure': 0.71; 'physical': 0.72; 'gain': 0.79; 'protect': 0.79; 'business,': 0.83; 'threats': 0.84; 'secrets': 0.93
DKIM-Signature v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type; bh=hPulE1pLl95963vbGGDQmEijAhBzoWo3FugMl53i+oM=; b=YBqHYumivqFr38uxmKtKt9Is2dHW9GT2HHFNzfe9Br/9/NsRyXi/sYX2pnExrIYzkA Lvb3AAr+VWE/cA6UxAyGnXNXKf7Z2WDNlnw+ma48ktQUpNeyNLr833WFWreBVlalujT9 NwoC1gQEKbKNfq+blyCGVq1ucYdZaG5+6lFQke6Z6QxTJFKnbpIi5bsTEkEV38m4uOhS ghz4M71CEus9FPMMoK0B0twq+K9Y2rHhIlZ6q3WcVv+VHKzAuyO126WBWKXgBZ4JABCH Y+38YNXfOPRZFKRZeTJr76jK07tMisvByTaULtUahKTJ+/d9aL97JOv5COSQAQEplBji 9bEQ==
X-Received by 10.66.171.76 with SMTP id as12mr16910118pac.52.1393811600713; Sun, 02 Mar 2014 17:53:20 -0800 (PST)
MIME-Version 1.0
In-Reply-To <5313d7fe$0$29985$c3e8da3$5496439d@news.astraweb.com>
References <09f43567-779e-4d01-8621-c4eb36354d99@googlegroups.com> <CAPTjJmqCTLqXgmHMm2QGYJB1MmYEnhMV3OGe0jPc_UOoUQ9gQA@mail.gmail.com> <let920$fmn$1@ger.gmane.org> <CAPTjJmq0MYQugUnsL52ZN0um=V3iABHmM4+vsffD=+2YV7t=MA@mail.gmail.com> <letdt5$1g3$1@ger.gmane.org> <CAPTjJmra0AjHYjk3G+2mSgsewpX0qcmcKpQtqnebHXsQfT2YqQ@mail.gmail.com> <mailman.7592.1393788339.18130.python-list@python.org> <roy-5B94F1.15010902032014@news.panix.com> <5313d7fe$0$29985$c3e8da3$5496439d@news.astraweb.com>
From Ian Kelly <ian.g.kelly@gmail.com>
Date Sun, 2 Mar 2014 18:52:40 -0700
Subject Re: Password validation security issue
To Python <python-list@python.org>
Content-Type text/plain; charset=ISO-8859-1
X-Mailman-Approved-At Mon, 03 Mar 2014 03:37:24 +0100
X-BeenThere python-list@python.org
X-Mailman-Version 2.1.15
Precedence list
List-Id General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe <https://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive <http://mail.python.org/pipermail/python-list/>
List-Post <mailto:python-list@python.org>
List-Help <mailto:python-list-request@python.org?subject=help>
List-Subscribe <https://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups comp.lang.python
Message-ID <mailman.7618.1393814245.18130.python-list@python.org> (permalink)
Lines 17
NNTP-Posting-Host 2001:888:2000:d::a6
X-Trace 1393814245 news.xs4all.nl 2839 [2001:888:2000:d::a6]:59078
X-Complaints-To abuse@xs4all.nl
Xref csiph.com comp.lang.python:67503

Show key headers only | View raw

On Sun, Mar 2, 2014 at 6:16 PM, Steven D'Aprano
<steve+comp.lang.python@pearwood.info> wrote:
> People have managed physical keys for *centuries*. Yes, there are a class
> of threats where you lose your key, or someone steals it, or makes a
> copy, but the risks are well-understood and can be managed even by your
> grandmother. We have good solutions for those problems that work well,
> and many of them apply just as well to sticky notes with secure passwords
> written on them.

I don't know how well the analogy holds up.  People protect their
keys, because a) if they lose them, they can't get into their house or
business, and b) if they're stolen, somebody else could gain access
and steal expensive items from them.  People are less likely to
protect their sticky notes, because a) nobody is going to steal a
piece of paper, and b) if it does go missing, the IT guy is just one
phone call away, and c) who would want to break into my desktop
anyway? I don't have any trade secrets in there.

Back to comp.lang.python | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread

Thread

Password validation security issue Renato <rvernucio@gmail.com> - 2014-03-01 09:49 -0800
  Re: Password validation security issue Chris Angelico <rosuav@gmail.com> - 2014-03-02 05:11 +1100
  Re: Password validation security issue Christian Heimes <christian@python.org> - 2014-03-01 19:31 +0100
  Re: Password validation security issue Tim Chase <python.list@tim.thechases.com> - 2014-03-01 12:38 -0600
  Re: Password validation security issue Chris Angelico <rosuav@gmail.com> - 2014-03-02 05:43 +1100
  Re: Password validation security issue Chris Angelico <rosuav@gmail.com> - 2014-03-02 05:45 +1100
  Re: Password validation security issue Christian Heimes <christian@python.org> - 2014-03-01 20:54 +0100
    Re: Password validation security issue Roy Smith <roy@panix.com> - 2014-03-01 15:25 -0500
      Re: Password validation security issue Christian Heimes <christian@python.org> - 2014-03-01 23:07 +0100
      Re: Password validation security issue Chris Angelico <rosuav@gmail.com> - 2014-03-02 09:13 +1100
  Re: Password validation security issue Chris Angelico <rosuav@gmail.com> - 2014-03-02 07:11 +1100
  Re: Password validation security issue Christian Heimes <christian@python.org> - 2014-03-02 20:25 +0100
    Re: Password validation security issue Roy Smith <roy@panix.com> - 2014-03-02 15:01 -0500
      Re: Password validation security issue Chris Angelico <rosuav@gmail.com> - 2014-03-03 07:32 +1100
      Re: Password validation security issue Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2014-03-03 01:16 +0000
        Re: Password validation security issue Ian Kelly <ian.g.kelly@gmail.com> - 2014-03-02 18:52 -0700
          Re: Password validation security issue Steven D'Aprano <steve@pearwood.info> - 2014-03-03 04:38 +0000
            Re: Password validation security issue Chris Angelico <rosuav@gmail.com> - 2014-03-03 16:44 +1100
            Re: Password validation security issue Ian Kelly <ian.g.kelly@gmail.com> - 2014-03-02 23:50 -0700
        Re: Password validation security issue Chris Angelico <rosuav@gmail.com> - 2014-03-03 13:56 +1100
          Re: Password validation security issue Roy Smith <roy@panix.com> - 2014-03-03 08:41 -0500
            Re: Password validation security issue Chris Angelico <rosuav@gmail.com> - 2014-03-04 00:55 +1100
              Re: Password validation security issue Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2014-03-03 16:46 +0000
                Re: Password validation security issue Chris Angelico <rosuav@gmail.com> - 2014-03-04 05:46 +1100
            Re: Password validation security issue MRAB <python@mrabarnett.plus.com> - 2014-03-03 16:29 +0000
            Re: Password validation security issue Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2014-03-03 17:41 +0000
  Re: Password validation security issue Renato <rvernucio@gmail.com> - 2014-03-02 15:10 -0800
    Re: Password validation security issue Ian Kelly <ian.g.kelly@gmail.com> - 2014-03-02 18:49 -0700
    Re: Password validation security issue Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2014-03-03 02:30 +0000

csiph-web