--- Comment #6 from ✓ <> 2010-11-15 19:11:26 UTC ---
(In reply to comment #3)
> Password are encrypted with md5 and salted. 
I thought as much. Bruteforcing is neither a solution, it might be possible for
1-char passwords, but 2 or 3 are also not save enough. (Also imagine about the
PR: "Wikipedia admins hack their users' passwords!" :-)

(In reply to comment #5)
Good idea, but not as easy to code as I supposed at first. And you can't
guarantee that any user would login another time...
But a new variable like $wgMinimalPasswordLengthForNewRegistrations sounds
Together with the force to change it would imho solve the problem.

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are on the CC list for the bug.
Wikibugs-l mailing list

Reply via email to