On Sun, Oct 30, 2011 at 2:20 PM, Antoine Musso <hashar+wmf(a)free.fr> wrote:
On 30/10/11 12:28, William Allen Simpson wrote:
> It
might perhaps be worth adding one more character,
Really, how*hard* is it to
generate a longer string?
Have a look at the method User::randomPassword() in the file
includes/User.php :
Password is at least 7 characters long and can be made longer with the
global $wgMinimalPasswordLength (which will require longer password for
everyone).
So we could just change that 7 to 10 and we will get longer temporary
passwords.
We could, but why would we? As has been shown by me and others in this
thread, any brute force attempt that has a reasonable chance to crack the
current passwords would already include an amount of traffic to the
Wikimedia servers amounting ot a Denial of Service attack.
--
André Engels, andreengels(a)gmail.com