Greatly improve quality of automatically generated passwords
author Tim Düsterhus <duesterhus@woltlab.com>
Sun, 14 Dec 2014 00:13:43 +0000 (01:13 +0100)
committer Tim Düsterhus <duesterhus@woltlab.com>
Sun, 14 Dec 2014 00:31:01 +0000 (01:31 +0100)
commit a6521ad583658eb081623bd2406791b8f12bc0ba
tree c4cce21bb62b8e607400578098e26b02a47722fa
parent 170f6b3d1f55b06e27f6d9fd876d357e72ae6e03

Previously the amount of characters for each type was deterministic, as
the character types were chosen in a round robin fashion, instead of
randomly choosing from the entire character set. This led to about
47 bits of entropy with the default length of 8 characters. Additionally
str_shuffle does not use a SRNG, which may have reduced the entropy even
further.

The new algorithm, choosing fairly from the whole range of alphanumeric
characters with a default length of 12 characters, provides about 71 bits
of entropy.
wcfsetup/install/files/lib/acp/form/MasterPasswordInitForm.class.php
wcfsetup/install/files/lib/form/NewPasswordForm.class.php
wcfsetup/install/files/lib/system/worker/SendNewPasswordWorker.class.php
wcfsetup/install/files/lib/util/PasswordUtil.class.php
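
The approach the commit message describes, every character drawn uniformly from the whole alphanumeric set, sketched as an added example that is not WoltLab's PasswordUtil code. The names `ALPHANUMERIC`, `fairIndex`, `generatePassword` and `entropyBits` are hypothetical, the 62-character set is an assumption about what "alphanumeric" covers, and `random_bytes()` assumes PHP 7 or later; `entropyBits` lets the "about 71 bits" figure be checked as length × log2(set size).

```php
<?php
// Added illustration; all names below are hypothetical, not the project's API.

// Assumed character set: a-z, A-Z, 0-9 (62 symbols).
const ALPHANUMERIC = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';

/**
 * Returns a uniformly distributed index in [0, $size) from CSPRNG bytes.
 * Bytes at or above the largest multiple of $size that fits in a byte are
 * discarded, so a plain "byte % $size" cannot favour the low indices.
 */
function fairIndex(int $size): int {
    if ($size < 1 || $size > 256) {
        throw new InvalidArgumentException('size must be between 1 and 256');
    }
    $limit = 256 - (256 % $size);
    do {
        $byte = ord(random_bytes(1));
    } while ($byte >= $limit);
    return $byte % $size;
}

/**
 * Builds a password by picking every position independently from the whole
 * set, instead of cycling through character types and shuffling afterwards.
 */
function generatePassword(int $length = 12, string $charset = ALPHANUMERIC): string {
    $size = strlen($charset);
    $password = '';
    for ($i = 0; $i < $length; $i++) {
        $password .= $charset[fairIndex($size)];
    }
    return $password;
}

/** Entropy in bits of $length independent, uniform picks from $size symbols. */
function entropyBits(int $length, int $size): float {
    return $length * log($size, 2);
}

$password = generatePassword();
printf("%s (%.1f bits)\n", $password, entropyBits(strlen($password), strlen(ALPHANUMERIC)));
```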