Re: A more useful list of common passwords?

2018-04-16 Thread Kelly
Thank you for your quick reply! We will try that. Cheers, Kelly

On Friday, April 13, 2018 at 5:33:24 PM UTC-4, James Bennett wrote:
> One approach you might try is on every test run, randomly select some lines from the list of common passwords and verify they fail the validator. That

Re: A more useful list of common passwords?

2018-04-13 Thread James Bennett
One approach you might try is on every test run, randomly select some lines from the list of common passwords and verify they fail the validator. That way we know it's not just testing a single, fixed, contrived case.

Re: A more useful list of common passwords?

2018-04-13 Thread Kelly
Hello! I am Kelly, a member of the group working on ticket #29274. We really appreciate your help thus far! We have successfully replaced the list of passwords and ran the unit tests with ./runtests.py. When looking at the CommonPasswordValidatorTest(TestCase) class found in

Re: A more useful list of common passwords?

2018-04-11 Thread Jessica F
I see. Thank you very much! Cheers, Jessica

On Tuesday, April 10, 2018 at 5:59:20 PM UTC-4, Brenton Cleeland wrote:
> Hi Jessica (& team!),
>
> My immediate thought is that those rows are errors. They should be ignored and not included in any list added to Django :)
>
> On 11 April 2018 at

Re: A more useful list of common passwords?

2018-04-10 Thread Brenton Cleeland
Hi Jessica (& team!), My immediate thought is that those rows are errors. They should be ignored and not included in any list added to Django :)

On 11 April 2018 at 02:13, Jessica F wrote:
> Hello! I'm Jessica, the assignee to this ticket. I am speaking on behalf of a group

Re: A more useful list of common passwords?

2018-04-10 Thread Jessica F
Hello! I'm Jessica, the assignee to this ticket. I am speaking on behalf of a group of newbies contributing to open source projects. I was looking at the list of 20k passwords by Royce Williams, and there were 40 that were something like "$HEX[d0bfd197d5]". When I parsed them, nothing legible

Re: A more useful list of common passwords?

2018-03-30 Thread Curtis Maloney
On 03/30/2018 07:05 PM, Adam Johnson wrote: This new file sounds good to me. Whilst you're at it, what is the new file size? I downloaded the gist, took only column 3 (the actual passwords) and gzipped it, it came to 81K over the existing 3.8K. Uncompressed that's 163K over 7.1K.

Re: A more useful list of common passwords?

2018-03-30 Thread Adam Johnson
This new file sounds good to me. Whilst you're at it, what is the new file size? I downloaded the gist, took only column 3 (the actual passwords) and gzipped it, it came to 81K over the existing 3.8K. Uncompressed that's 163K over 7.1K. It would probably warrant a smarter checking algorithm

Re: A more useful list of common passwords?

2018-03-30 Thread Brenton Cleeland
Heya, Curtis! The gzipped file size of the new file is 82K. That's with all 19,999 passwords from Royce's list. I threw together a quick test that compares the default list to the new larger one by checking 10,000 random passwords. Speed difference is negligible, with both varying between

Re: A more useful list of common passwords?

2018-03-29 Thread Curtis Maloney
By which I mean... hi Brenton! Great to see you being active again :) It's great you've taken the time to do this, and the benefits are very clear [improved security], but what are the costs? Whilst you're at it, what is the new file size? -- Curtis On 03/30/2018 04:26 PM, Curtis Maloney

Re: A more useful list of common passwords?

2018-03-29 Thread Curtis Maloney
What sort of performance impact is this having over the existing list? What's the additional memory load, if any?

-- Curtis

On 03/30/2018 04:24 PM, Brenton Cleeland wrote:
> Three years ago Django introduced the CommonPasswordValidator and included a list of 1,000 passwords considered to be

A more useful list of common passwords?

2018-03-29 Thread Brenton Cleeland
Three years ago Django introduced the CommonPasswordValidator and included a list of 1,000 passwords considered to be "common". That list was based on leaked passwords and came from xato.net[1]. I'd like to update the list to a) be from a more reliable / recent source b) be larger and more in