mahara-contributors team mailing list archive
-
mahara-contributors team
-
Mailing list archive
-
Message #05986
[Bug 844457] [NEW] suckypasswords check is very limited, could be expanded
Public bug reported:
When validating passwords, there is is a check against an array of really bad passwords:
https://gitorious.org/mahara/mahara/blobs/f7d9a23f0744f719fc7f75bd5d740eef6ae4d055/htdocs/auth/lib.php#line1606
Currently the collection of bad passwords is really small. It could be expanded. Some resources are:
http://www.dragonresearchgroup.org/insight/sshpwauth-cloud.html
http://img.sjbn.co/files/500-most-used-passwords-show-as-a-tag-cloud.gif
http://www.skullsecurity.org/wiki/index.php/Passwords
There should be more than one level of filtering bad passwords. Some,
such as the current suckypasswords collection, should be forced. There
should also be an optional blacklist based on the resources above.
** Affects: mahara
Importance: Wishlist
Status: Triaged
** Changed in: mahara
Importance: Undecided => Wishlist
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/844457
Title:
suckypasswords check is very limited, could be expanded
Status in Mahara ePortfolio:
Triaged
Bug description:
When validating passwords, there is is a check against an array of really bad passwords:
https://gitorious.org/mahara/mahara/blobs/f7d9a23f0744f719fc7f75bd5d740eef6ae4d055/htdocs/auth/lib.php#line1606
Currently the collection of bad passwords is really small. It could be expanded. Some resources are:
http://www.dragonresearchgroup.org/insight/sshpwauth-cloud.html
http://img.sjbn.co/files/500-most-used-passwords-show-as-a-tag-cloud.gif
http://www.skullsecurity.org/wiki/index.php/Passwords
There should be more than one level of filtering bad passwords. Some,
such as the current suckypasswords collection, should be forced. There
should also be an optional blacklist based on the resources above.
To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/844457/+subscriptions
Follow ups
-
[Bug 844457] Re: suckypasswords check is very limited, could be expanded
From: Jinelle Foley-Barnes, 2015-04-20
-
[Bug 844457] Re: suckypasswords check is very limited, could be expanded
From: Robert Lyon, 2015-04-17
-
[Bug 844457] A change has been merged
From: Mahara Bot, 2015-02-11
-
[Bug 844457] Re: suckypasswords check is very limited, could be expanded
From: Robert Lyon, 2015-02-11
-
[Bug 844457] A patch has been submitted for review
From: Mahara Bot, 2015-01-19
-
[Bug 844457] A patch has been submitted for review
From: Mahara Bot, 2015-01-15
-
[Bug 844457] A patch has been submitted for review
From: Mahara Bot, 2015-01-15
-
[Bug 844457] A change has been merged
From: Mahara Bot, 2015-01-14
-
[Bug 844457] A patch has been submitted for review
From: Mahara Bot, 2015-01-13
-
[Bug 844457] Re: suckypasswords check is very limited, could be expanded
From: Amelia Cordwell, 2015-01-13
-
[Bug 844457] A patch has been submitted for review
From: Mahara Bot, 2015-01-13
-
[Bug 844457] A patch has been submitted for review
From: Mahara Bot, 2015-01-13
-
[Bug 844457] Re: suckypasswords check is very limited, could be expanded
From: Amelia Cordwell, 2015-01-13
-
[Bug 844457] Re: suckypasswords check is very limited, could be expanded
From: Hugh Davenport, 2015-01-11
-
[Bug 844457] Re: suckypasswords check is very limited, could be expanded
From: François Marier, 2011-11-23
-
[Bug 844457] Re: suckypasswords check is very limited, could be expanded
From: François Marier, 2011-09-08
-
[Bug 844457] [NEW] suckypasswords check is very limited, could be expanded
From: Melissa Draper, 2011-09-08
References
