Opened 2 years ago
Closed 2 years ago
#34056 closed Cleanup/optimization (fixed)
Update the deprecated password list used by CommonPasswordValidator to a more recent list
Reported by: | Paolo Melchiorre | Owned by: | Paolo Melchiorre |
---|---|---|---|
Component: | contrib.auth | Version: | dev |
Severity: | Normal | Keywords: | CommonPasswordValidator |
Cc: | Triage Stage: | Ready for checkin | |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description (last modified by )
The current file used to populate the list of common passwords used by CommonPasswordValidator is deprecated since May 2022:
https://gist.github.com/roycewilliams/281ce539915a947a23db17137d91aeb7/revisions#diff-b92271fc57fc0e876a5a8f8cf65614283ba35f94a14269332081a5c6f3adfd50
As suggested in the deprecated file a new version of the list is available:
https://gist.github.com/roycewilliams/226886fd01572964e1431ac8afc999ce
This is the command line I used to download and extract the list of password from the original gist:
$ curl https://gist.githubusercontent.com/roycewilliams/226886fd01572964e1431ac8afc999ce/raw/7e4f976f31f6f9bbd54781c7792f8272fb2fd613/pwnedpasswords-v6-top20k.txt | csvtool drop 49 - | csvtool col 3 -t : - | uconv -x lower | gzip -9 > common-passwords.txt.gz
Change History (5)
comment:1 by , 2 years ago
Has patch: | set |
---|
comment:2 by , 2 years ago
Description: | modified (diff) |
---|
comment:3 by , 2 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
Triage Stage: | Unreviewed → Accepted |
Type: | Bug → Cleanup/optimization |
comment:4 by , 2 years ago
Triage Stage: | Accepted → Ready for checkin |
---|
I've created a PR https://github.com/django/django/pull/16127