Opened 4 years ago
Last modified 3 years ago
#51702 new feature request
Warn of potentially poor/insecure password generation
Reported by: | desrosj | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | |
Component: | Site Health | Keywords: | 2nd-opinion |
Focuses: | | Cc: | |
Description
`wp_generate_password()` is responsible for generating random strings for many things in core. To name a few, Application Passwords, Core salts (as a fallback), random file names (Privacy), default user passwords, and more. Each scenario passes the length of the desired generated string, and whether to include 2 different sets of special characters.
In addition to being fully pluggable, there is a `random_password` filter within `wp_generate_password()` that can alter the result of the generated password. The `$length` field should always be respected and `wp_generate_password()` should never return a string shorter than requested. If this does happen, the user should be made aware that potentially insecure strings are being generated so that they can attempt to fix this.
Change History (3)
This ticket was mentioned in Slack in #core-test by desrosj. View the logs.
3 years ago
#3
@
3 years ago
Related: #40046.
I'm not sure if a filter to control the password length as suggested in #40046 should be added as it would allow sites to promote poor password techniques. If it is added, then this suggested test should also detect when the length argument is filtered to a potentially insecure number of characters.
I think this is a great idea. I would also like to suggest that the site tries to fetch some random bytes using `random_int`. PHP refuses to return any value if there is no cryptographically secure random number generator, so if we get an exception, it's a good sign that we are using our own dice to get the random numbers.
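The length check proposed in the description, combined with the `random_int` probe suggested in the last comment, written as a Site Health test. This is an added example, not code from the ticket or from WordPress core; the function names, the `example_password_generation` test key, the sample lengths and the message strings are assumptions.

```php
<?php
// Added example, not WordPress core code. Function names and the
// 'example_password_generation' test key are hypothetical.

function example_register_password_test( $tests ) {
	$tests['direct']['example_password_generation'] = array(
		'label' => 'Password generation',
		'test'  => 'example_test_password_generation',
	);
	return $tests;
}
add_filter( 'site_status_tests', 'example_register_password_test' );

function example_test_password_generation() {
	$problems = array();

	// Sample lengths chosen for illustration.
	foreach ( array( 12, 24, 64 ) as $length ) {
		// Goes through the pluggable function and the random_password
		// filter, so an override that shortens the result is caught here.
		$generated = wp_generate_password( $length, true, true );
		$actual    = is_string( $generated ) ? strlen( $generated ) : 0;
		if ( $actual < $length ) {
			$problems[] = sprintf( 'Requested %d characters, received %d.', $length, $actual );
		}
	}

	// random_int() throws when no cryptographically secure source exists.
	try {
		random_int( 0, PHP_INT_MAX );
	} catch ( Throwable $e ) {
		$problems[] = 'random_int() could not obtain secure random bytes.';
	}

	$result = array(
		'label'       => 'Generated passwords have the requested length',
		'status'      => 'good',
		'badge'       => array( 'label' => 'Security', 'color' => 'blue' ),
		'description' => '<p>wp_generate_password() returned strings of the requested length.</p>',
		'actions'     => '',
		'test'        => 'example_password_generation',
	);
	if ( $problems ) {
		$result['label']          = 'Generated passwords may be insecure';
		$result['status']         = 'critical';
		$result['badge']['color'] = 'red';
		$result['description']    = '<p>' . esc_html( implode( ' ', $problems ) ) . '</p>';
	}
	return $result;
}
```

`strlen()` counts bytes, so a filter that returns multibyte characters would need `mb_strlen()` to be measured in characters instead.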