Date: Wed, 24 Aug 2016 22:25:33 +0200
From: "e@...tmx.net" <e@...tmx.net>
To: passwords@...ts.openwall.com
Subject: Re: GMOs And Passwords

On 08/24/2016 10:22 PM, Scott Arciszewski wrote:
> On Wed, Aug 24, 2016 at 4:18 PM, e@...tmx.net <mailto:e@...tmx.net>
> <e@...tmx.net <mailto:e@...tmx.net>>wrote:
>
> [insult skipped]
>
> But how we as service developers can automate checks for such
> kind of
> advices? Should we?
>
>
> we should NOT!
>
> (1) it is completely different area of responsibility.
> do not mess with the users' free will.
> expending of your "care" beyond the boundaries of your responsibility
> always causes more trouble than good.
>
> (2) an ideal password should FAIL all checks.
> checks are LIMITATIONS.
> a password that complies to a policy is worse than a password that
> does not.
>
>
> On one side, I can see how "don't
> reject any values" could lead to more work for attackers.
>
> On the other, if they're certainly going to guess 123456 and password,
> maybe we shouldn't allow users to use those strings in the first place?

ref to (1)