[wp-hackers] Stronger default passwords

Kitty kitty at mookitty.co.uk
Wed Dec 22 02:55:35 UTC 2004

> Update of /cvsroot/cafelog/wordpress
> Modified Files:
>         wp-login.php 
> Log Message:
> Make reset passwords use the same randomness we do in install.php. Hat
> tip: swoolley.

Maybe it's time to make the generated passwords a little longer? With
all the PHP security news + phpBB cracks coming out/going around, it
might be a good idea.

I suggest 10 digits ala:
$user_pass = substr(md5(uniqid(microtime())), 0, 10);

Cheers,		     Blog: http://blog.mookitty.co.uk
Kitty		     PC Repair: http://www.girltech.net
		     WP Plugins: http://mookitty.co.uk/devblog
Support proactive security: http://www.openbsd.org/orders.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : /pipermail/hackers_wordpress.org/attachments/20041221/f2f98a61/attachment.bin

More information about the hackers mailing list