[wp-trac] [WordPress Trac] #21737: Users should have to jump through hoops to set passwords of their choosing, and we should guard better against weak passwords
WordPress Trac
noreply at wordpress.org
Wed Aug 28 19:36:37 UTC 2013
#21737: Users should have to jump through hoops to set passwords of their choosing,
and we should guard better against weak passwords
----------------------------+-----------------------
Reporter: markjaquith | Owner: westi
Type: task (blessed) | Status: accepted
Priority: normal | Milestone: 3.7
Component: Security | Version:
Severity: normal | Resolution:
Keywords: |
----------------------------+-----------------------
Comment (by iandunn):
It looks like the `user_input` parameter is being ignored.
If I run `console.log( zxcvbn( 'iandunn', [ 'iandunn' ] ) );` on the
official demo site at
https://dl.dropboxusercontent.com/u/209/zxcvbn/test/index.html, it returns
an entropy of `0` because the password appears in `user_input`, but if I
run that against trunk, it returns `14`.
I mentioned it to Jon on IRC and he thought that `user_input` needs to
pass through `rot_13()`.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/21737#comment:41>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list