On Sun, Oct 30, 2011 at 2:20 PM, Antoine Musso <[email protected]> wrote:
> On 30/10/11 12:28, William Allen Simpson wrote: > >> > It might perhaps be worth adding one more character, > > Really, how*hard* is it to generate a longer string? > > Have a look at the method User::randomPassword() in the file > includes/User.php : > > Password is at least 7 characters long and can be made longer with the > global $wgMinimalPasswordLength (which will require longer password for > everyone). > > So we could just change that 7 to 10 and we will get longer temporary > passwords. > We could, but why would we? As has been shown by me and others in this thread, any brute force attempt that has a reasonable chance to crack the current passwords would already include an amount of traffic to the Wikimedia servers amounting ot a Denial of Service attack. -- André Engels, [email protected] _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
