What sort of performance impact is this having over the existing list?
What's the additional memory load, if any?
--
Curtis
On 03/30/2018 04:24 PM, Brenton Cleeland wrote:
Three years ago Django introduced the CommonPasswordValidator and
included a list of 1,000 passwords considered to be "common". That list
was based on leaked passwords and came from xato.net[1].
I'd like to update the list to
a) be from a more reliable / recent source
b) be larger and more in line with the NIST recommendations
Security researcher Troy Hunt has published a massive list of leaked
passwords, including frequencies on Have I Been Pwned[2]. The top 20,000
of which are available in a gist from Royce Williams[3], including the
frequency, MD5 hash and plain text password.
Interestingly there are 27 passwords in the Django list that aren't in the
HIBP list. I'd post them here but they're mostly short and not safe for
work.
I've created a ticket for the increase in size[4] but wanted to check in
and make sure this is something django-developers thinks is valuable.
Cheers,
Brenton
[1]: https://web.archive.org/web/20150315154609/https://xato.net/passwords/more-top-worst-passwords/#.Wr3H1chxV25
[2]: https://haveibeenpwned.com/Passwords
[3]: https://gist.github.com/roycewilliams/281ce539915a947a23db17137d91aeb7
[4]: https://code.djangoproject.com/ticket/29274
--
You received this message because you are subscribed to the Google
Groups "Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to django-developers+unsubscr...@googlegroups.com
<mailto:django-developers+unsubscr...@googlegroups.com>.
To post to this group, send email to django-developers@googlegroups.com
<mailto:django-developers@googlegroups.com>.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-developers/0a215878-9d3f-4446-a018-602694f54904%40googlegroups.com
<https://groups.google.com/d/msgid/django-developers/0a215878-9d3f-4446-a018-602694f54904%40googlegroups.com?utm_medium=email&utm_source=footer>.
For more options, visit https://groups.google.com/d/optout.
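One way to put numbers on the performance and memory question raised in this thread, as an added example that is not part of either message and is not Django's code: it compares holding 1,000 and 20,000 entries in memory as a list and as a set, and times a worst-case (miss) lookup. The entries are constructed placeholders rather than real leaked passwords, the lowercase/strip normalisation is an assumption, and `make_list`, `resident_bytes`, `is_common`, `lookup_seconds` and `report` are hypothetical helper names.

```python
import timeit
import tracemalloc

SIZES = (1_000, 20_000)  # current list size vs. proposed size, from the thread
NUMBER = 200             # lookups per timing run


def make_list(n):
    """Constructed placeholder entries, not real leaked passwords."""
    return [f"password{i:05d}" for i in range(n)]


def resident_bytes(n, container=set):
    """Return (bytes allocated, container) for n entries held in memory."""
    tracemalloc.start()
    before, _ = tracemalloc.get_traced_memory()
    data = container(make_list(n))
    after, _ = tracemalloc.get_traced_memory()
    tracemalloc.stop()
    return after - before, data


def is_common(password, entries):
    """Membership check after the normalisation assumed here (lowercase, strip)."""
    return password.lower().strip() in entries


def lookup_seconds(entries, probe, number=NUMBER):
    """Seconds for `number` checks of a password that is NOT in the list (worst case)."""
    return timeit.timeit(lambda: is_common(probe, entries), number=number)


def report():
    """One row per (size, container kind): memory held and miss-lookup time."""
    rows = []
    for n in SIZES:
        for container in (list, set):
            size, entries = resident_bytes(n, container)
            rows.append((n, container.__name__, size,
                         lookup_seconds(entries, "not-in-the-list")))
    return rows


if __name__ == "__main__":
    for n, kind, size, secs in report():
        print(f"{n:>6} entries as {kind:<4}: {size / 1024:8.1f} KiB, "
              f"{secs * 1e6 / NUMBER:8.2f} us per miss")
```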