The password length is whatever $wgMinimalPasswordLength is set to, and according to DefaultSettings.php it's 1 :P. Maybe we should increase the length of passwords from User::randomPassword.
- Security: Because the temporary password is being entered by the user it
ends up being much shorter than it should be. The temporary passwords have really low entropy and if we expired them any later than we do now it would theoretically be possible to brute force a password reset. Frankly right now if someone was persistent enough to brute force randomly and make a second reset after the first expires they may actually have a sane enough chance at brute forcing into an account.
Ah I see, so in the end it's pretty much about brute force attacks. Well what we can do (in order to avoid schema changes), is keep the newpassword field, increase temporary password lengths to something like 64, and then shift the Special:ResetPassword and User::mailPasswordInternal logic to use URLs instead of entering the password manually.
*--* *Tyler Romeo* Stevens Institute of Technology, Class of 2015 Major in Computer Science www.whizkidztech.com | tylerromeo@gmail.com
On Fri, Aug 24, 2012 at 1:59 PM, Thomas Morton <morton.thomas@googlemail.com
wrote:
n 24 August 2012 18:57, Tyler Romeo tylerromeo@gmail.com wrote:
Yes, but that's only increased convenience. I'm wondering exactly what security implications there are to our current system v. a token reset system.
*--* *Tyler Romeo* Stevens Institute of Technology, Class of 2015 Major in Computer Science www.whizkidztech.com | tylerromeo@gmail.com
How long is the generated password? Might be a brute force vulnerability.
Tom _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l