[wp-hackers] Stronger default passwords
Kitty
kitty at mookitty.co.uk
Wed Dec 22 02:55:35 UTC 2004
> Update of /cvsroot/cafelog/wordpress
>
> Modified Files:
> wp-login.php
> Log Message:
> Make reset passwords use the same randomness we do in install.php. Hat
> tip: swoolley.
Maybe it's time to make the generated passwords a little longer? With
all the PHP security news + phpBB cracks coming out/going around, it
might be a good idea.
I suggest 10 digits à la:
$user_pass = substr(md5(uniqid(microtime())), 0, 10);
Overkill?
--
Cheers, Blog: http://blog.mookitty.co.uk
Kitty PC Repair: http://www.girltech.net
WP Plugins: http://mookitty.co.uk/devblog
Support proactive security: http://www.openbsd.org/orders.html
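Added example, not part of the original message or of WordPress itself: the generator suggested above beside one that draws each character from the operating system's CSPRNG, with the upper bound on entropy for each. The function names and the alphabet are assumptions made for illustration; random_int() requires PHP 7.0 or later.

```php
<?php
// Added illustration. Function names are hypothetical, not WordPress APIs.

// Alphabet without look-alike characters (l, I, O, 0, 1); an assumption.
const ALPHABET = 'abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789';

// The generator suggested in the message: the first $len hex characters of
// an MD5 digest computed over a clock-derived value.
function time_based_password(int $len = 10): string {
    return substr(md5(uniqid(microtime())), 0, $len);
}

// Alternative: pick every character with random_int(), which is backed by
// the OS CSPRNG and is uniform over the requested range (no modulo bias).
function csprng_password(int $len = 10, string $alphabet = ALPHABET): string {
    $max = strlen($alphabet) - 1;
    if ($len < 1 || $max < 1) {
        throw new InvalidArgumentException('need length >= 1 and >= 2 symbols');
    }
    $out = '';
    for ($i = 0; $i < $len; $i++) {
        $out .= $alphabet[random_int(0, $max)];
    }
    return $out;
}

// Upper bound on entropy, in bits, of $len symbols with $symbols choices each.
function max_entropy_bits(int $len, int $symbols): float {
    return $len * log($symbols, 2);
}

// Hex output has 16 symbols, so 10 characters can carry at most 40 bits.
// That is only a ceiling: microtime() and uniqid() are both derived from the
// server clock, and MD5 adds no randomness to its input, so the real entropy
// is limited by how precisely the generation time can be guessed.
printf("time-based: %s  (at most %.1f bits)\n",
    time_based_password(10), max_entropy_bits(10, 16));

// With a CSPRNG the ceiling is actually reached: each character is an
// independent, uniform choice from the alphabet.
printf("CSPRNG    : %s  (%.1f bits)\n",
    csprng_password(10), max_entropy_bits(10, strlen(ALPHABET)));
```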