Opened 21 months ago

Last modified 21 months ago

#34056 closed Cleanup/optimization

Update the deprecated password list used by CommonPasswordValidator to a more recent list — at Version 2

Reported by: Paolo Melchiorre
Owned by: nobody
Component: contrib.auth
Version: dev
Severity: Normal
Keywords: CommonPasswordValidator
Cc:
Triage Stage: Ready for checkin
Has patch: yes
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings: no
UI/UX: no

Description (last modified by Paolo Melchiorre)

The current file used to populate the list of common passwords used by CommonPasswordValidator has been deprecated since May 2022:
https://gist.github.com/roycewilliams/281ce539915a947a23db17137d91aeb7/revisions#diff-b92271fc57fc0e876a5a8f8cf65614283ba35f94a14269332081a5c6f3adfd50

As suggested in the deprecated file, a new version of the list is available:
https://gist.github.com/roycewilliams/226886fd01572964e1431ac8afc999ce

This is the command line I used to download and extract the list of passwords from the original gist:

$ curl https://gist.githubusercontent.com/roycewilliams/226886fd01572964e1431ac8afc999ce/raw/7e4f976f31f6f9bbd54781c7792f8272fb2fd613/pwnedpasswords-v6-top20k.txt | csvtool drop 49 - | csvtool col 3 -t : - | uconv -x lower | gzip -9 > common-passwords.txt.gz
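
The same extraction steps as the command above (drop 49 header lines, take the third ':'-separated field, lowercase, gzip at level 9), written as an added Python example that is not part of the ticket or of Django's code. The row layout rank:count:password, the de-duplication step, and the helper names are assumptions of this example; the sample input is constructed so it runs offline.

```python
import gzip
import io

HEADER_LINES = 49  # matches `csvtool drop 49` in the ticket


def extract_passwords(text, header_lines=HEADER_LINES):
    """Return lowercased, de-duplicated passwords in file order."""
    seen, ordered = set(), []
    for line in text.splitlines()[header_lines:]:
        # Third ':'-separated field, as in `csvtool col 3 -t :`; maxsplit=2
        # keeps any further ':' inside the password (this example's choice).
        fields = line.split(":", 2)
        if len(fields) < 3:
            continue  # blank or malformed row
        password = fields[2].strip().lower()
        if password and password not in seen:
            seen.add(password)
            ordered.append(password)
    return ordered


def build_gzip(passwords):
    """One password per line, gzip level 9 as in the ticket's `gzip -9`."""
    buf = io.BytesIO()
    with gzip.GzipFile(fileobj=buf, mode="wb", compresslevel=9, mtime=0) as gz:
        gz.write(("\n".join(passwords) + "\n").encode("utf-8"))
    return buf.getvalue()


def load_common_passwords(blob):
    with gzip.open(io.BytesIO(blob), "rt", encoding="utf-8") as f:
        return {line.strip() for line in f}


def is_common(password, common):
    # Assumed consumer: lowercase the candidate to match the lowercased list.
    return password.lower().strip() in common


# Constructed sample: 49 header lines, then assumed rank:count:password rows.
SAMPLE = "\n".join(
    ["# header"] * HEADER_LINES
    + ["1:100:123456", "2:90:Password", "3:80:PASSWORD", "4:70:a:b", "", "bad"]
)

if __name__ == "__main__":
    common = load_common_passwords(build_gzip(extract_passwords(SAMPLE)))
    print(sorted(common), is_common("PassWord", common))
```

Because the list is stored lowercased, "Password" and "PASSWORD" collapse into a single entry, and a lookup only matches if the candidate is lowercased the same way before comparison.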

Change History (2)

comment:1 by Paolo Melchiorre, 21 months ago

Has patch: set

comment:2 by Paolo Melchiorre, 21 months ago

Description: modified (diff)