Opened 2 years ago

Closed 2 years ago

#34056 closed Cleanup/optimization (fixed)

Update the deprecated password list used by CommonPasswordValidator to a more recent list

Reported by: Paolo Melchiorre
Owned by: Paolo Melchiorre
Component: contrib.auth
Version: dev
Severity: Normal
Keywords: CommonPasswordValidator
Cc:
Triage Stage: Ready for checkin
Has patch: yes
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings: no
UI/UX: no

Description (last modified by Paolo Melchiorre)

The current file used to populate the list of common passwords used by CommonPasswordValidator has been deprecated since May 2022:
https://gist.github.com/roycewilliams/281ce539915a947a23db17137d91aeb7/revisions#diff-b92271fc57fc0e876a5a8f8cf65614283ba35f94a14269332081a5c6f3adfd50

As suggested in the deprecated file, a new version of the list is available:
https://gist.github.com/roycewilliams/226886fd01572964e1431ac8afc999ce

This is the command line I used to download and extract the list of passwords from the original gist:

$ curl https://gist.githubusercontent.com/roycewilliams/226886fd01572964e1431ac8afc999ce/raw/7e4f976f31f6f9bbd54781c7792f8272fb2fd613/pwnedpasswords-v6-top20k.txt | csvtool drop 49 - | csvtool col 3 -t : - | uconv -x lower | gzip -9 > common-passwords.txt.gz
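An added example, not part of the ticket or of Django's code: a Python approximation of the extraction steps in the command above, plus an audit a reviewer can run on the regenerated file before accepting it. The sample rows, the `count:hash:password` layout and all function names are assumptions made for illustration; the lookup mirrors a checker that lowercases and strips the candidate before a set lookup.

```python
import csv
import gzip
import io

HEADER_LINES = 49  # rows removed by `csvtool drop 49` in the ticket's command

# Constructed sample: 49 header rows, then count:hash:password rows (assumed layout).
ROWS = [("1000", "a" * 40, "123456"), ("900", "b" * 40, "Password"),
        ("800", "c" * 40, "qwerty")]
SAMPLE = "".join(f"# header {n}\n" for n in range(HEADER_LINES)) + "".join(
    ":".join(row) + "\n" for row in ROWS)

def extract_passwords(raw_text, header_lines=HEADER_LINES):
    """Approximate `csvtool drop 49 | csvtool col 3 -t : | uconv -x lower`."""
    rows = csv.reader(io.StringIO(raw_text, newline=""), delimiter=":")
    return [row[2].lower() for i, row in enumerate(rows)
            if i >= header_lines and len(row) >= 3]

def pack(passwords):
    """One password per line, gzip level 9, like the final `gzip -9` step."""
    text = "".join(p + "\n" for p in passwords)
    return gzip.compress(text.encode("utf-8"), compresslevel=9)

def load_set(blob):
    """Load the list as a set of stripped lines for membership checks."""
    with gzip.open(io.BytesIO(blob), "rt", encoding="utf-8") as f:
        return {line.strip() for line in f}

def is_common(candidate, passwords):
    """Case-insensitive lookup; it only works if the list itself is lowercase."""
    return candidate.lower().strip() in passwords

def audit(blob):
    """Return (line number, problem) pairs for entries that can never match."""
    problems = []
    with gzip.open(io.BytesIO(blob), "rt", encoding="utf-8") as f:
        for number, line in enumerate(f, start=1):
            entry = line.rstrip("\n")
            if not entry.strip():
                problems.append((number, "blank entry"))
            elif entry != entry.lower():
                problems.append((number, "not lowercase"))
    return problems

if __name__ == "__main__":
    blob = pack(extract_passwords(SAMPLE))
    print(sorted(load_set(blob)), audit(blob))
```

An entry flagged "not lowercase" is dead weight in the list: a lowercased candidate can never equal it, so that password would pass validation.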

Change History (5)

comment:1 by Paolo Melchiorre, 2 years ago

Has patch: set

comment:2 by Paolo Melchiorre, 2 years ago

Description: modified (diff)

comment:3 by Mariusz Felisiak, 2 years ago

Owner: changed from nobody to Paolo Melchiorre
Status: new → assigned
Triage Stage: Unreviewed → Accepted
Type: Bug → Cleanup/optimization

comment:4 by Mariusz Felisiak, 2 years ago

Triage Stage: Accepted → Ready for checkin

comment:5 by Mariusz Felisiak <felisiak.mariusz@…>, 2 years ago

Resolution: fixed
Status: assigned → closed

In fa3afc5d:

Fixed #34056 -- Updated the list of common passwords for CommonPasswordValidator.
