Opened 2 years ago
Closed 2 years ago
#34056 closed Cleanup/optimization (fixed)
Update the deprecated password list used by CommonPasswordValidator to a more recent list
| Reported by: | Paolo Melchiorre | Owned by: | Paolo Melchiorre |
|---|---|---|---|
| Component: | contrib.auth | Version: | dev |
| Severity: | Normal | Keywords: | CommonPasswordValidator |
| Cc: | Triage Stage: | Ready for checkin | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description (last modified by )
The current file used to populate the list of common passwords used by CommonPasswordValidator is deprecated since May 2022:
https://gist.github.com/roycewilliams/281ce539915a947a23db17137d91aeb7/revisions#diff-b92271fc57fc0e876a5a8f8cf65614283ba35f94a14269332081a5c6f3adfd50
As suggested in the deprecated file a new version of the list is available:
https://gist.github.com/roycewilliams/226886fd01572964e1431ac8afc999ce
This is the command line I used to download and extract the list of password from the original gist:
$ curl https://gist.githubusercontent.com/roycewilliams/226886fd01572964e1431ac8afc999ce/raw/7e4f976f31f6f9bbd54781c7792f8272fb2fd613/pwnedpasswords-v6-top20k.txt | csvtool drop 49 - | csvtool col 3 -t : - | uconv -x lower | gzip -9 > common-passwords.txt.gz
Change History (5)
comment:1 by , 2 years ago
| Has patch: | set |
|---|
comment:2 by , 2 years ago
| Description: | modified (diff) |
|---|
comment:3 by , 2 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
| Triage Stage: | Unreviewed → Accepted |
| Type: | Bug → Cleanup/optimization |
comment:4 by , 2 years ago
| Triage Stage: | Accepted → Ready for checkin |
|---|
Note:
See TracTickets
for help on using tickets.
I've created a PR https://github.com/django/django/pull/16127