id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
36179	hexed strings in common passwords database are not handled	Michel Le Bihan	Michel Le Bihan	"Hello,

The common passwords database file (https://github.com/django/django/blob/main/django/contrib/auth/common-passwords.txt.gz) used by CommonPasswordValidator contains hexed strings like `$hex[617364666a6b6c3a]` on line 1679. That decodes to `asdfjkl:` which I believe is a common password that was intended to be included in the database. Another example is `$hex[2623323333363a]` on line 8616 that decodes to `&#2336:`. I see that https://gist.github.com/roycewilliams/226886fd01572964e1431ac8afc999ce contains the line `50334:72aff1cfd90a90fd4174eb6dfdff5df7bbbe7e5b:$HEX[617364666a6b6c3a]` and `echo -n 'asdfjkl:' | sha1sum` produces `72aff1cfd90a90fd4174eb6dfdff5df7bbbe7e5b`. CommonPasswordValidator does not handle those hexed strings which I believe is wrong.

I propose to update the database file to decode the hexed values and remove those that obviously can't be entered by a user."	Bug	closed	contrib.auth	5.1	Normal	fixed	CommonPasswordValidator		Ready for checkin	1	0	0	0	0	0