From b4c63290d9209b3be143daf4cca096956ef6f741 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Tim=20D=C3=BCsterhus?= <duesterhus@woltlab.com>
Date: Thu, 17 Jun 2021 15:22:47 +0200
Subject: [PATCH] Deprecate PasswordUtil::getRandomPassword()

---
 wcfsetup/install/files/lib/util/PasswordUtil.class.php | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/wcfsetup/install/files/lib/util/PasswordUtil.class.php b/wcfsetup/install/files/lib/util/PasswordUtil.class.php
index 8ff517430b..514e30aaf0 100644
--- a/wcfsetup/install/files/lib/util/PasswordUtil.class.php
+++ b/wcfsetup/install/files/lib/util/PasswordUtil.class.php
@@ -17,8 +17,7 @@ use wcf\util\exception\CryptoException;
 final class PasswordUtil
 {
     /**
-     * list of possible characters in generated passwords
-     * @var string
+     * @deprecated 5.5 - Generation of random passwords is deprecated.
      */
     const PASSWORD_CHARSET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
 
@@ -189,10 +188,7 @@ final class PasswordUtil
     }
 
     /**
-     * Generates a random alphanumeric user password with the given character length.
-     *
-     * @param int $length
-     * @return  string
+     * @deprecated 5.5 - Use some constant time encoder (e.g. Hex, Base32, or Base64) on the result of `\random_bytes()`.
      */
     public static function getRandomPassword($length = 12)
     {
-- 
2.20.1