[wp-hackers] Stronger default passwords
drDave
drdave at unknowngenius.com
Wed Dec 22 03:58:45 UTC 2004
With a few easy mods (perhaps adding a digits or two), that ought to do
the work:
http://aspn.activestate.com/ASPN/Cookbook/PHP/Recipe/101526
On Dec 21, 2004, at 11:01 PM, Scott Merrill wrote:
> Kitty wrote:
>> On Tue, 2004-12-21 at 20:16, Mark Jaquith wrote:
>>> Why don't we just prompt the user for an admin password when we ask
>>> for email and blog name? As it is, we give it to them, so it's not
>>> like there's really a security problem. It'd sure save a lot of
>>> frustration for users who don't write down the admin password (yeah,
>>> me once). We could enforce minimum length or complexity if we
>>> wanted, too, if we wanted to make things more secure.
>> All good points, and all I really have to say is:
>> Most people putting up a blog don't have the necessary paranoia to
>> pick
>> a password on a open to the internet login page[1]. We should
>> definitely
>> continue to provide the password. I think it should be stronger.
>
> Could someone port pwgen [1] to PHP so that we could at least provide
> pronounceable, moderately secure and moderately random passwords to
> the users?
>
> 1: http://sourceforge.net/projects/pwgen/
>
> _______________________________________________
> hackers mailing list
> hackers at wordpress.org
> http://wordpress.org/mailman/listinfo/hackers_wordpress.org
>
>
>
--
Dave / デイヴ
drdave at unknowngenius.com
More information about the hackers
mailing list