https://bugzilla.wikimedia.org/show_bug.cgi?id=25925

--- Comment #6 from ✓ <andbe...@web.de> 2010-11-15 19:11:26 UTC ---
(In reply to comment #3)
> Password are encrypted with md5 and salted. 
I thought as much. Bruteforcing is neither a solution, it might be possible for
1-char passwords, but 2 or 3 are also not save enough. (Also imagine about the
PR: "Wikipedia admins hack their users' passwords!" :-)

(In reply to comment #5)
Good idea, but not as easy to code as I supposed at first. And you can't
guarantee that any user would login another time...
But a new variable like $wgMinimalPasswordLengthForNewRegistrations sounds
well.
Together with the force to change it would imho solve the problem.

-- 
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

Reply via email to