Opened 4 months ago
Last modified 4 months ago
#51702 new feature request
Warn of potentially poor/insecure password generation
Reported by: | | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | |
Component: | Site Health | Keywords: | 2nd-opinion |
Focuses: | | Cc: | |
Description
`wp_generate_password()` is responsible for generating random strings for many things in core. To name a few, Application Passwords, Core salts (as a fallback), random file names (Privacy), default user passwords, and more. Each scenario passes the length of the desired generated string, and whether to include 2 different sets of special characters.
In addition to being fully pluggable, there is a `random_password` filter within `wp_generate_password()` that can alter the result of the generated password. The `$length` field should always be respected and `wp_generate_password()` should never return a string shorter than requested. If this does happen, the user should be made aware that potentially insecure strings are being generated so that they can attempt to fix this.
I think this is a great idea. I would also like to suggest that the site tries to fetch some random bytes using `random_int`. PHP refuses to return any value if there is no cryptographically secure random number generator, so if we get an exception, it's a good sign that we are using our own dice to get the random numbers.
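
One way the two checks discussed in this ticket could be wired into Site Health, as an added example that is not part of the ticket or of WordPress core. The `example_`-prefixed names, the sample lengths and the message strings are assumptions; `site_status_tests`, `wp_generate_password()` and `random_int()` are the existing APIs.

```php
<?php
/**
 * Plugin Name: Example password generation health check
 * Description: Added illustration only; not WordPress core code.
 */

// Register a direct (synchronous) Site Health test. The key and callback name are hypothetical.
add_filter( 'site_status_tests', function ( $tests ) {
	$tests['direct']['example_password_generation'] = array(
		'label' => 'Password generation',
		'test'  => 'example_test_password_generation',
	);
	return $tests;
} );

function example_test_password_generation() {
	$problems = array();
	$flag_sets = array( array( false, false ), array( true, false ), array( true, true ) );

	// Constructed sample lengths; each one is tried with every special-character combination.
	foreach ( array( 12, 24, 64 ) as $length ) {
		foreach ( $flag_sets as $flags ) {
			// Runs through any pluggable override and the random_password filter.
			$generated = wp_generate_password( $length, $flags[0], $flags[1] );
			$actual    = is_string( $generated ) ? strlen( $generated ) : 0;
			if ( $actual < $length ) {
				// Report lengths only; never include the generated value itself.
				$problems[] = sprintf( 'Requested %d characters, received %d.', $length, $actual );
			}
		}
	}

	// random_int() throws when no cryptographically secure source is available.
	try {
		random_int( 0, 255 );
	} catch ( \Exception $e ) {
		$problems[] = 'random_int() could not obtain secure random data.';
	}

	$ok = empty( $problems );
	return array(
		'label'       => $ok ? 'Password generation works as expected' : 'Password generation may be insecure',
		'status'      => $ok ? 'good' : 'critical',
		'badge'       => array( 'label' => 'Security', 'color' => $ok ? 'blue' : 'red' ),
		'description' => '<p>' . esc_html( $ok ? 'Generated strings have the requested length and a secure random source is available.' : implode( ' ', $problems ) ) . '</p>',
		'actions'     => '',
		'test'        => 'example_password_generation',
	);
}
```

The length comparison uses `strlen()`, so it counts bytes; a filter that returns multibyte characters could pass this check with fewer characters than requested.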