On Sun, Oct 30, 2011 at 2:20 PM, Antoine Musso hashar+wmf@free.fr wrote:
On 30/10/11 12:28, William Allen Simpson wrote:
It might perhaps be worth adding one more character,
Really, how*hard* is it to generate a longer string?
Have a look at the method User::randomPassword() in the file includes/User.php :
Password is at least 7 characters long and can be made longer with the global $wgMinimalPasswordLength (which will require longer password for everyone).
So we could just change that 7 to 10 and we will get longer temporary passwords.
We could, but why would we? As has been shown by me and others in this thread, any brute force attempt that has a reasonable chance to crack the current passwords would already include an amount of traffic to the Wikimedia servers amounting ot a Denial of Service attack.