Opened 4 months ago
Last modified 4 months ago
#51702 new feature request
Warn of potentially poor/insecure password generation
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Awaiting Review | Priority: | normal |
| Severity: | normal | Version: | |
| Component: | Site Health | Keywords: | 2nd-opinion |
| Focuses: | Cc: |
Description
wp_generate_password() is responsible for generating random strings for many things in core. To name a few, Application Passwords, Core salts (as a fallback), random file names (Privacy), default user passwords, and more. Each scenario passes the length of the desired generated string, and whether to include 2 different sets of special characters.
In addition to being fully pluggable, there is a random_password filter within wp_generate_password() that can alter the result of the generated password. The $length field should always be respected and wp_generate_password() should never return a string shorter than requested. If this does happen, the user should be made aware that potentially insecure strings are being generated so that they can attempt to fix this.
I think this is a great idea. I would also like to suggest that the site tries to fetch some random bytes using
random_int. PHP refuses to return any value if there is no cryptographically secure random number generator, so if we get an exception, it's a good sign that we are using our own dice to get the random numbers.