
Author hynek
Recipients arigo, christian.heimes, fijall, hynek, loewis, ncoghlan, pitrou
Date 2012-06-15.07:55:29
Message-id <F8C6B640-C4CE-4FDF-8805-D2AD2DA160FF@ox.cx>
In-reply-to <4FDAE687.4000104@v.loewis.de>
Content
>> and any other place that compares passwords, tokens, …
> 
> No no no. Any sensible place to compare passwords would use some
> sort of one-way function (password hash) before the comparison,
> so that someone breaking into the machine will not gain the clear
> text passwords.

I agree that this is the right way to do it. However, I disagree that it's also the only sensible way to do it in the real world. Sometimes you just _have_ to compare sensitive strings, whether you like it or not.

I see your point that adding such a function would leverage bad security behavior and thus may be a bad thing. The usefulness of such a function to some(?) people is IMHO not disputable though.
History
Date User Action Args
2012-06-15 07:55:30  hynek  set  recipients: + hynek, loewis, arigo, ncoghlan, pitrou, christian.heimes, fijall
2012-06-15 07:55:29  hynek  link  issue15061 messages
2012-06-15 07:55:29  hynek  create