Public bug reported:

When validating passwords, there is a check against an array of really bad
passwords:
https://gitorious.org/mahara/mahara/blobs/f7d9a23f0744f719fc7f75bd5d740eef6ae4d055/htdocs/auth/lib.php#line1606

Currently the collection of bad passwords is really small. It could be 
expanded. Some resources are:
http://www.dragonresearchgroup.org/insight/sshpwauth-cloud.html
http://img.sjbn.co/files/500-most-used-passwords-show-as-a-tag-cloud.gif
http://www.skullsecurity.org/wiki/index.php/Passwords

There should be more than one level of filtering bad passwords. Some,
such as the current suckypasswords collection, should be forced. There
should also be an optional blacklist based on the resources above.

** Affects: mahara
     Importance: Wishlist
         Status: Triaged

** Changed in: mahara
   Importance: Undecided => Wishlist

https://bugs.launchpad.net/bugs/844457

Title:
  suckypasswords check is very limited, could be expanded

Status in Mahara ePortfolio:
  Triaged

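Added example, not part of the bug report and not Mahara's code: a sketch of the two-level filtering the report asks for, with a short list that is always enforced and a larger blocklist that applies only when a site option turns it on. The function names, the `$useoptional` switch, the one-password-per-line file format and all list entries are assumptions made for illustration.

```php
<?php
// Added illustration; every name here is hypothetical, not Mahara's API.

// Tier 1: short list that is always enforced (constructed sample entries).
const FORCED_BAD_PASSWORDS = ['password', '123456', 'abc123', 'qwerty'];

// Compare case-insensitively and ignore surrounding whitespace.
function normalise_password(string $password): string {
    return strtolower(trim($password));
}

// Tier 2: load a larger list, one password per line, into a set
// (array keyed by normalised password) so lookups stay cheap.
function load_optional_blocklist(string $path): array {
    $set = [];
    $lines = is_readable($path)
        ? file($path, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES)
        : false;
    if ($lines === false) {
        return $set; // list missing: tier 2 is empty, tier 1 still applies
    }
    foreach ($lines as $line) {
        $set[normalise_password($line)] = true;
    }
    return $set;
}

// Returns null when the password passes, otherwise the tier that rejected it.
function check_bad_password(string $password, bool $useoptional, array $optionalset): ?string {
    $candidate = normalise_password($password);
    if (in_array($candidate, FORCED_BAD_PASSWORDS, true)) {
        return 'forced';
    }
    if ($useoptional && isset($optionalset[$candidate])) {
        return 'optional';
    }
    return null;
}

// Constructed sample blocklist written to a temp file so the script runs offline.
$tmp = tempnam(sys_get_temp_dir(), 'bl');
file_put_contents($tmp, "letmein\nDragon\nmonkey\n");
$optional = load_optional_blocklist($tmp);
unlink($tmp);

foreach ([['PassWord', false], ['dragon', false], ['dragon', true], ['x7!Lq#2vRt', true]] as [$pw, $on]) {
    printf("%-12s optional=%s -> %s\n", $pw, $on ? 'on' : 'off', check_bad_password($pw, $on, $optional) ?? 'ok');
}
```

Returning the rejecting tier lets the caller show a different message, or log separately, for the forced and optional lists.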