On 03/30/2018 07:05 PM, Adam Johnson wrote:
This new file sounds good to me.Whilst you're at it, what is the new file size?I downloaded the gist, took only column 3 (the actual passwords) and gzipped it, it came to 81K over the existing 3.8K. Uncompressed that's 163K over 7.1K.
Still a tiny drop compared to a running system... but something worth keeping an eye on.
A quick look at the code shows, of course, that you can specify your own file, so IFF this new file is rejected, it can at least be easily offered and used.
It would probably warrant a smarter checking algorithm over the current one, where the validator loads the whole file into memory on initialization (and doesn't share it between instances).
The current solution is storing the strings in a set, so membership of strings in a set _should_ be fairly efficient.
-- Curtis
OOI have you seen https://github.com/ubernostrum/pwned-passwords-django/ , which uses Troy Hunt's massive API for all leaked passwords ?
The joy of pluggable validators is... people can choose their level of strictness :)
-- C -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/aa76a554-41be-191f-3c8f-914aadf16af4%40tinbrain.net. For more options, visit https://groups.google.com/d/optout.
