password security
Anders M Eriksson
anders.eriksson at morateknikutveckling.se
Fri May 19 08:43:15 EDT 2000
On Fri, 19 May 2000 04:10:33 -0400, "Tim Peters"
<tim_one at email.msn.com> wrote:
>> Is this secure on any level?
>
>MD5 is still widely thought to be secure, although Nagging Doubts Have Been
>Raised. The biggest risk with any password scheme is that people tend to
>pick easily-guessed passwords, and IMO that swamps the risk due to MD5. sha
Thanks for the answer I think I understand. The random string will not
add to the security, because it's easy to retrieve the data from the
python byte-code.
And the md5.digest() will not be any more secure for a long password
than for a short one. the only difference is that with a brute force
attach the short one will probably occur earlier.
Since this application isn't aimed at an audience of cypherpunks or
similar I will just use the simple:
md5.new(user+pw)
// Anders
More information about the Python-list
mailing list