http://sharetext.org/BEM is another good list (the one that Twitter used
to use I think)
** Changed in: mahara
Status: New => Triaged
--
You received this bug notification because you are a member of Mahara
Core, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/844457
Title:
suckypasswords check is very limited, could be expanded
Status in Mahara ePortfolio:
Triaged
Bug description:
When validating passwords, there is is a check against an array of really bad
passwords:
https://gitorious.org/mahara/mahara/blobs/f7d9a23f0744f719fc7f75bd5d740eef6ae4d055/htdocs/auth/lib.php#line1606
Currently the collection of bad passwords is really small. It could be
expanded. Some resources are:
http://www.dragonresearchgroup.org/insight/sshpwauth-cloud.html
http://img.sjbn.co/files/500-most-used-passwords-show-as-a-tag-cloud.gif
http://www.skullsecurity.org/wiki/index.php/Passwords
There should be more than one level of filtering bad passwords. Some,
such as the current suckypasswords collection, should be forced. There
should also be an optional blacklist based on the resources above.
To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/844457/+subscriptions
_______________________________________________
Mailing list: https://launchpad.net/~mahara-core
Post to : [email protected]
Unsubscribe : https://launchpad.net/~mahara-core
More help : https://help.launchpad.net/ListHelp
