Issue #687 - 2024-09-23 - On secrets

Edited by Gabor Szabo
This edition was made possible by the supporters of our cause.

Hi there!

Last week the Weekly Challenge was about strong passwords. This made me wonder: what is a strong password? On some web sites the length of your password is limited (e.g. max 8 characters), which seems to me an indication that the developers have no clue about password security. Actually, worse than that: it makes me worry that the site keeps the password as clear text in the database and the field size was set to that number (e.g. 8 characters). Some places don't allow you to include spaces, which makes me wonder if they are constructing their database INSERT statement using string concatenation, opening themselves to SQL injection attacks.

On many web sites you are required to use both upper and lowercase letters, digits and symbols. The symbols being a subset of the characters having the decimal ASCII code 32-47, 58-64, 91-96, 126. That is up to 30 different characters. The letters are 2*26 characters and the digits are the 10 different digits. The number of possibilities using letters and digits only is (26*2 + 10)^n and if we include all the symbols as well then it is (26*2 + 10 + 30)^n for a password of n characters. If I am not mistaken with this and with the calculations, this means that a 7-character password using [a-zA-Z0-9] has more variety than a 6-character password that also includes symbols. In other words, having a longer password makes your password much stronger than including symbols as well. As far as I understand, having a 15-character password using only letters and spaces would make my password much stronger than having an 8-character password using all 92 characters.

So I tend to use sentences that make sense to me or quotes from poems or from song lyrics as passwords. That makes it much easier to remember them and - if I am not mistaken - harder to find by an attacker.

What do you think?

In other news Adam Russell, Brett Estrade, and Christos Argyropoulos are trying to get the word out about the Perl Community Conference / Science Perl Journal Winter 2024 CALL FOR PAPERS NOW OPEN! (Deadline 9/30).

Enjoy your week!

Gabor Szabo
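
The counts in the editorial above, worked through with exact integers. This is an added example and not part of the newsletter. It assumes every character is picked uniformly at random, which is the only case the (alphabet size)^n count measures; the function names are made up for this illustration.

```python
import math

# Alphabet sizes as given in the editorial.
ALNUM = 26 * 2 + 10           # [a-zA-Z0-9] -> 62
ALNUM_SYMBOLS = ALNUM + 30    # plus the 30 symbols -> 92
LETTERS_SPACE = 26 * 2 + 1    # letters and the space -> 53


def keyspace(alphabet_size, length):
    """Exact number of passwords of exactly `length` characters."""
    return alphabet_size ** length


def bits(alphabet_size, length):
    """Size of that keyspace expressed in bits (log2)."""
    return length * math.log2(alphabet_size)


def break_even_length(small, large, length):
    """Shortest length over the `small` alphabet whose keyspace is at
    least as big as `length` characters over the `large` alphabet."""
    target = keyspace(large, length)
    n = length
    # Integer comparison, so there is no floating point rounding at the boundary.
    while keyspace(small, n) < target:
        n += 1
    return n


if __name__ == "__main__":
    cases = [
        ("7 chars, letters+digits", ALNUM, 7),
        ("6 chars, with symbols", ALNUM_SYMBOLS, 6),
        ("15 chars, letters+space", LETTERS_SPACE, 15),
        ("8 chars, with symbols", ALNUM_SYMBOLS, 8),
    ]
    for label, size, length in cases:
        print(f"{label:26} {keyspace(size, length):>28,} {bits(size, length):6.1f} bits")
    # How many characters over the smaller alphabet match the larger one?
    print("62-char alphabet matches 92^6 at length", break_even_length(ALNUM, ALNUM_SYMBOLS, 6))
    print("53-char alphabet matches 92^8 at length", break_even_length(LETTERS_SPACE, ALNUM_SYMBOLS, 8))
```
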


Announcements

CFP: Perl Community Conference, Winter 2024 🎂 - closes 9/30

by Brett Estrade (OODLER)

Reading that announcement it is unclear to me. Is it a journal or is it a virtual conference? Are people expected to submit the paper to present it or are those two things separate? I suggest you ask the organizers!


Articles

Dancing with Copilot Workspace

by Dave Cross (DAVECROSS)

It seems Dave is quite happy with the various features of Copilot. It might be time that I also give it a try. At least for open source projects.

Taking VelociPerl for a ride

by Christos Argyropoulos

Personally I don't think I like closed-source 'improvements' to Open Source projects. It feels like ripping off the volunteer work of the community who built that Open Source software. On the other hand, maybe this is the only way to get rid of certain old constructs in Perl that limit the improvements in the language. There is also a discussion on Reddit about this.


The Weekly Challenge

The Weekly Challenge by Mohammad Sajid Anwar will help you step out of your comfort-zone. You can even win prize money of $50 by participating in the weekly challenge. We pick one champion at the end of the month from among all of the contributors during the month, thanks to the sponsor Lance Wicks.

The Weekly Challenge - 288

by Mohammad Sajid Anwar (MANWAR)

Welcome to a new week with a couple of fun tasks "Closest Palindrome" and "Contiguous Block". If you are new to the weekly challenge then why not join us and have fun every week. For more information, please read the FAQ.

RECAP - The Weekly Challenge - 287

by Mohammad Sajid Anwar (MANWAR)

Enjoy a quick recap of last week's contributions by Team PWC dealing with the "Strong Password" and "Valid Number" tasks in Perl and Raku. You will find plenty of solutions to keep you busy.

Challenge 287

by Andrew Schneider

Interesting story behind getting the optimal solution. I find it very engaging. Thanks for sharing knowledge.

Strong and Valid

by Arne Sommer

Regex in Raku is showing the true power. Handling the edge case is the bonus. Great work, keep it up.

Strength in Numbers

by Bob Lied

Mix of readymade solution or pure regex approach. Plenty to keep us entertained. Well done.

Strong Password

by E. Choroba (CHOROBA)

Great to see a blog post after a long time. You can clearly see the reason why it is needed. You really don't want to skip it.

Common Passwords

by Jorg Sommrey

Using CPAN can produce an elegant one-liner as shared in the post. Breaking down the task is also very handy. Thanks for the contributions.

Perl Weekly Challenge 287: Strong Password

by Laurent Rosenfeld

Breaking down the task to deal with a complex task is very handy. And on top we get the detailed discussion. Great work, keep it up.

Perl Weekly Challenge 287: Valid Number

by Laurent Rosenfeld

Great introduction to advanced regex of Raku. Complex subject explained so easily, well done.

in regexp we trust!

by Luca Ferrari

Welcome back to blogging. Use of pure regex solution is so easy to follow. Thanks for sharing knowledge with us.

Perl Weekly Challenge 287

by W Luis Mochan

The highlight of this week's solution is the use of regex in a Perl one-liner, which is very unique. Great work.

About Passwords, Birds, and Common Regexes

by Matthias Muth

Thorough discussion of solution shared in the blog post. I find it very engaging. Highly recommended.

Strong but Valid

by Packy Anderson (PACKY)

Handling of Unicode is not the easy route but here we have a solution where it is dealt with with such ease. Brilliant work.

Strong and valid

by Peter Campbell Smith

Dealing with the task in multiple stages is the coolest approach and easy to follow. The DIY tool on top is a bonus, you would definitely love to play.

PWC 287

by Peter Pentchev

Detailed discussion is very handy and explained in simple language. I find it very fun to read. Great work.

The Weekly Challenge - 287

by Reinier Maliepaard

I love a self-documented solution as shared in the blog post. It helps in breaking down the regex approach. Keep sharing the knowledge.

The Weekly Challenge #287

by Robbie Hatley

Getting a pure regex solution can sometimes be very difficult but here we have one. The compact discussion is worth checking.

Strong and Valid

by Roger Bell West (FIREDRAKE)

Raku and Kotlin are the chosen languages for the blog post. Especially the Kotlin solution is fun to read. Highly recommended.

Good things

by Simon Green

Python is always the pick of the language for the blog post. Here we got a great example of how to use regex in Python. Thanks for sharing knowledge.


Weekly collections

Events

Toronto Perl Mongers monthly meeting

September 26, 2024, Virtual event

Boston.pm monthly meeting

October 8, 2024, Virtual event

Purdue Perl Mongers

October 09, 2024, Virtual event

London Perl and Raku Workshop

October 26, 2024, in London, UK


