https://bugzilla.wikimedia.org/show_bug.cgi?id=17604
Aryeh Gregor <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] | |m --- Comment #7 from Aryeh Gregor <[email protected]> 2009-02-24 20:33:01 UTC --- (In reply to comment #4) > @demon: I won't explain why reducing the number of possible choices reduces > password security. Read basic texts on the subject matter. It doesn't materially reduce the number of possible choices. The number of possible choices in any event is roughly 2^x, where x is the max POST size in bits. Typically x will be on the order of at least 10,000,000, and even banning all Unicode characters will not reduce this a whole lot. I think this kind of extension is really annoying, and a much better implementation would be to rely more on dictionaries and length. carnivorousstegasauroid is a lot more secure than Password1234, but the former would probably be banned by many simplistic password strength checkers when the latter would not. But it prevents people from using passwords like "password" and so is almost certainly an increase in security -- I think the reason for deletion is bogus. If the extension encourages banning non-ASCII characters, this should be fixed. It can be done without deleting the whole extension. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
