[Mailman-Developers] automatically generated password too complicated?
Gerhard Gonter
gonter@maestria.wu-wien.ac.at
Tue, 20 Apr 1999 20:21:54 +0200 (MES)
Some of our users complained about the automatically generated
passwords that are sent out when a list is imported or if an admin
subscribes someone. Especially the ` and ^ characters are a major
problem because these may be treated as parts of composite characters
in some environments (` followed by a might be displayed as the same
character as à in HTML) and so on. Also, upper case characters
impose an extra mental burden ;)
Anyway, I modified our Mailman which now has a function (method?)
Utils.GetRandomPassword(length)
which generates passwords of the given length with a restricted
alphabet, namely: a-x, 2-9, excluding characters o and l as well
as digits 0 and 1 which may be confused and y, z (German keyboards
swap these, in the past, this caused trouble too ;)
I would like to offer this patch unless there are good reasons why this
should be avoided. The main concern is certainly a higher risk to
crack such passwords (only 30 possibilities instead of 64) but this
could easily be matched by using 5 character passwords:
          possibilities   strength
----------------------------------
64^4 =         16777216       1
30^4 =           810000       0.05
30^5 =         24300000       1.45
As far as I have seen, this patch involves replacing certain calls to
GetRandomSeed in a few places such as:
bin/add_members, Mailman/Cgi/admin.py, Mailman/MailCommandHandler.py
Any comment?
+gg
--
Gerhard.Gonter@wu-wien.ac.at Fax: +43/1/31336/702 g.gonter@ieee.org
Zentrum fuer Informatikdienste, Wirtschaftsuniversitaet Wien, Austria