in reply to Minimal password checking: a summary

Since the title of this node includes the word summary I wanted to add this:

There is no such thing as a secure password, and passwords aren't the end-all of security. Even if the perfect program/script were to be written which was unbreakable, the password would still have its greatest weakness in the user, who could tell someone the password, use it on a different non-secure site, etc.

Not saying this directly to anyone, not even bronto, just wanted it added since this had the word summary. Besides that, nice-looking code, and bronto++.

"Pain is weakness leaving the body, I find myself in pain every day" -me

Re: Re: Minimal password checking: a summary
by bronto (Priest) on Jul 29, 2003 at 14:58 UTC
    There is no such thing as a secure password, and passwords aren't the end-all of security. Even if the perfect program/script were to be written which was unbreakable, the password would still have its greatest weakness in the user, who could tell someone the password, use it on a different non-secure site, etc.

    I agree with you. Nevertheless, applying security is like building walls around your systems, and doors on the walls; and none of the doors should be too easy to open.

    A password is such a door. And every door should be secured as much as possible, compatibly with the environment around the system itself. Obviously, it doesn't make sense to have an uncatchable password when you leave yourself logged in on a publicly accessible terminal :-)

    Ciao!
    --bronto


    The very nature of Perl to be like natural language--inconsistent and full of dwim and special cases--makes it impossible to know it all without simply memorizing the documentation (which is not complete or totally correct anyway).
    --John M. Dlugosz