WordPress.org

Make WordPress Core

Opened 4 months ago

Last modified 4 months ago

#51702 new feature request

Warn of potentially poor/insecure password generation

Reported by: desrosj Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Site Health Keywords: 2nd-opinion
Focuses: Cc:

Description

wp_generate_password() is responsible for generating random strings for many things in core. To name a few, Application Passwords, Core salts (as a fallback), random file names (Privacy), default user passwords, and more. Each scenario passes the length of the desired generated string, and whether to include 2 different sets of special characters.

In addition to being fully pluggable, there is a random_password filter within wp_generate_password() that can alter the result of the generated password. The $length field should always be respected and wp_generate_password() should never return a string shorter than requested. If this does happen, the user should be made aware that potentially insecure strings are being generated so that they can attempt to fix this.

Change History (1)

#1 @ayeshrajans
4 months ago

I think this is a great idea. I would also like to suggest that the site tries to fetch some random bytes using random_int. PHP refuses to return any value if there is no cryptographically secure random number generator, so if we get an exception, it's a good sign that we are using our own dice to get the random numbers.

Note: See TracTickets for help on using tickets.