In article mailman.7619.1393815421.18130.python-l...@python.org,
Chris Angelico ros...@gmail.com wrote:
The greatest threats these days are from the network, not from someone
physically walking into an office. (That said, though, the low-hanging
fruit from walking into an office can be
On Tue, Mar 4, 2014 at 12:41 AM, Roy Smith r...@panix.com wrote:
I used to work at a big company which had a typical big company IT
department which enforced all sorts of annoying pseudo-security rules.
As far as I could figure out, however, all you needed to get them to
reset anybody's password
On 2014-03-03 13:55, Chris Angelico wrote:
On Tue, Mar 4, 2014 at 12:41 AM, Roy Smith r...@panix.com wrote:
I used to work at a big company which had a typical big company IT
department which enforced all sorts of annoying pseudo-security rules.
As far as I could figure out, however, all you
On Tue, 04 Mar 2014 00:55:45 +1100, Chris Angelico wrote:
But it's an attack vector that MUST be considered, which is why I never
tell the truth in any secret question / secret answer boxes. Why some
sites think mother's maiden name is at all safe is beyond my
comprehension. And that's not
On Mon, 03 Mar 2014 08:41:10 -0500, Roy Smith wrote:
In article mailman.7619.1393815421.18130.python-l...@python.org,
Chris Angelico ros...@gmail.com wrote:
The greatest threats these days are from the network, not from someone
physically walking into an office. (That said, though, the
On Tue, Mar 4, 2014 at 3:46 AM, Steven D'Aprano
steve+comp.lang.pyt...@pearwood.info wrote:
On Tue, 04 Mar 2014 00:55:45 +1100, Chris Angelico wrote:
But it's an attack vector that MUST be considered, which is why I never
tell the truth in any secret question / secret answer boxes. Why some
On 01.03.2014 21:11, Chris Angelico wrote:
The problem isn't SHA-256. The problem is insecure passwords, the way
we've been taught to make them by the banks. Hence, XKCD 936.
Your argumentation is just wrong. You are saying It's OK to use a
totally insecure way to hash passwords because
In article mailman.7592.1393788339.18130.python-l...@python.org,
Christian Heimes christ...@python.org wrote:
On 01.03.2014 21:11, Chris Angelico wrote:
The problem isn't SHA-256. The problem is insecure passwords, the way
we've been taught to make them by the banks. Hence, XKCD 936.
On Mon, Mar 3, 2014 at 7:01 AM, Roy Smith r...@panix.com wrote:
We recently got a frothing email from a user, which basically said, You
farking idiots, you emailed me my password in plain text! It turns
out, his user name was the same as his password and what we had sent him
(in response to
I would like to thank every one who posted a reply. I learnt a lot from you,
guys! I appreciate your attention and your help :)
I took a class on Computer Simulation last year. It was told that deterministic
(pseudo-)random numbers are excellent for simulations, because they allow
debugging
On Sun, 02 Mar 2014 15:01:09 -0500, Roy Smith wrote:
Security is as much about cryptography as it is about human factors and
business drivers. You can make things resistant to brute-force attacks
by using longer keys, but people are still going to pick bad passwords.
Yes. But:
You can
On Sun, Mar 2, 2014 at 4:10 PM, Renato rvernu...@gmail.com wrote:
I would like to thank every one who posted a reply. I learnt a lot from you,
guys! I appreciate your attention and your help :)
I took a class on Computer Simulation last year. It was told that
deterministic (pseudo-)random
On Sun, 02 Mar 2014 15:10:06 -0800, Renato wrote:
I would like to thank every one who posted a reply. I learnt a lot from
you, guys! I appreciate your attention and your help :)
I took a class on Computer Simulation last year. It was told that
deterministic (pseudo-)random numbers are
On Sun, Mar 2, 2014 at 6:16 PM, Steven D'Aprano
steve+comp.lang.pyt...@pearwood.info wrote:
People have managed physical keys for *centuries*. Yes, there are a class
of threats where you lose your key, or someone steals it, or makes a
copy, but the risks are well-understood and can be managed
On Mon, Mar 3, 2014 at 12:52 PM, Ian Kelly ian.g.ke...@gmail.com wrote:
On Sun, Mar 2, 2014 at 6:16 PM, Steven D'Aprano
steve+comp.lang.pyt...@pearwood.info wrote:
People have managed physical keys for *centuries*. Yes, there are a class
of threats where you lose your key, or someone steals
On Sun, 02 Mar 2014 18:52:40 -0700, Ian Kelly wrote:
On Sun, Mar 2, 2014 at 6:16 PM, Steven D'Aprano
steve+comp.lang.pyt...@pearwood.info wrote:
People have managed physical keys for *centuries*. Yes, there are a
class of threats where you lose your key, or someone steals it, or
makes a
On Mon, Mar 3, 2014 at 3:38 PM, Steven D'Aprano st...@pearwood.info wrote:
Oh really? Chances are your wallet is *full* of pieces of paper that
people would steal, given half the chance.
Alas no... around here, wallets get filled with pieces of plastic [1],
of which my wallet is sadly devoid.
On Sun, Mar 2, 2014 at 10:44 PM, Chris Angelico ros...@gmail.com wrote:
Of course, the whole concept depends on being able to use long
memorable passwords. Any system that sets a maximum password length of
anything less than about 30-40 characters is causing its users
problems. There's almost
Hello everybody, I implemented a password validation with a Python 2.7.5 script
in OpenSUSE 13.1. The user calls it passing 'login' and 'password' as
arguments. I made a dictionary in the format hashtable = {'login':'password'}
and I use this hash table to compare the 'login' and 'password'
On Sun, Mar 2, 2014 at 4:49 AM, Renato rvernu...@gmail.com wrote:
Hello everybody, I implemented a password validation with a Python 2.7.5
script in OpenSUSE 13.1. The user calls it passing 'login' and 'password' as
arguments. I made a dictionary in the format hashtable = {'login':'password'}
On 01.03.2014 19:11, Chris Angelico wrote:
On Sun, Mar 2, 2014 at 4:49 AM, Renato rvernu...@gmail.com wrote:
Hello everybody, I implemented a password validation with a Python 2.7.5
script in OpenSUSE 13.1. The user calls it passing 'login' and 'password' as
arguments. I made a dictionary in
On 2014-03-02 05:11, Chris Angelico wrote:
On Sun, Mar 2, 2014 at 4:49 AM, Renato rvernu...@gmail.com wrote:
My question is: is there a way of preventing the user from
reading the script's content?
Not really. It might be a bit obfuscated, but
Is there any strategy I could use to hide
On Sun, Mar 2, 2014 at 5:38 AM, Tim Chase python.l...@tim.thechases.com wrote:
That said, if the user has access to the source code, there's nothing
preventing them from changing
    if hash(provided_password) == existing_hash:
        do_magic()
into just
    if True:
        do_magic()
and
On Sun, Mar 2, 2014 at 5:31 AM, Christian Heimes christ...@python.org wrote:
encrypted = hashlib.sha256(login+'NaCl protects your passwords'+password).hexdigest()
encrypted
'b329f2674af4d8d873e264d23713ace4505c211410eb46779c27e02d5a50466c'
Please don't do that. It's insecure and not the
On 01.03.2014 19:45, Chris Angelico wrote:
On Sun, Mar 2, 2014 at 5:31 AM, Christian Heimes christ...@python.org wrote:
encrypted = hashlib.sha256(login+'NaCl protects your passwords'+password).hexdigest()
encrypted
'b329f2674af4d8d873e264d23713ace4505c211410eb46779c27e02d5a50466c'
Please
On Sun, Mar 2, 2014 at 6:54 AM, Christian Heimes christ...@python.org wrote:
Yes, for most applications brute force is still the best option to crack
the password. Passwords are usually rather short, have a low entropy and
modern hardware is insanely fast. With software like [1] and a fast GPU
In article mailman.7533.1393703687.18130.python-l...@python.org,
Christian Heimes christ...@python.org wrote:
With software like [1] and a fast GPU
it is possible to do more than 10*10^9 checks/second for SHA-256.
Just out of curiosity, how does that differ from 10^10 checks/second?
--
On 01.03.2014 21:25, Roy Smith wrote:
In article mailman.7533.1393703687.18130.python-l...@python.org,
Christian Heimes christ...@python.org wrote:
With software like [1] and a fast GPU
it is possible to do more than 10*10^9 checks/second for SHA-256.
Just out of curiosity, how does
On Sun, Mar 2, 2014 at 9:07 AM, Christian Heimes christ...@python.org wrote:
On 01.03.2014 21:25, Roy Smith wrote:
In article mailman.7533.1393703687.18130.python-l...@python.org,
Christian Heimes christ...@python.org wrote:
With software like [1] and a fast GPU
it is possible to do more
29 matches