Make WordPress Core

Opened 4 years ago

Last modified 3 years ago

#51702 new feature request

Warn of potentially poor/insecure password generation

Reported by: desrosj
Owned by:
Milestone: Awaiting Review
Priority: normal
Severity: normal
Version:
Component: Site Health
Keywords: 2nd-opinion
Focuses:
Cc:


wp_generate_password() is responsible for generating random strings for many things in core. To name a few, Application Passwords, Core salts (as a fallback), random file names (Privacy), default user passwords, and more. Each scenario passes the length of the desired generated string, and whether to include 2 different sets of special characters.

In addition to being fully pluggable, there is a random_password filter within wp_generate_password() that can alter the result of the generated password. The $length field should always be respected and wp_generate_password() should never return a string shorter than requested. If this does happen, the user should be made aware that potentially insecure strings are being generated so that they can attempt to fix this.

Change History (3)

#1 @ayeshrajans
4 years ago

I think this is a great idea. I would also like to suggest that the site tries to fetch some random bytes using random_int. PHP refuses to return any value if there is no cryptographically secure random number generator, so if we get an exception, it's a good sign that we are using our own dice to get the random numbers.

This ticket was mentioned in Slack in #core-test by desrosj.

3 years ago

#3 @desrosj
3 years ago

Related: #40046.

I'm not sure if a filter to control the password length as suggested in #40046 should be added as it would allow sites to promote poor password techniques. If it is added, then this suggested test should also detect when the length argument is filtered to a potentially insecure number of characters.
