Random Password generator too weak

Hello,

I recently created a new user on the brand new version of Seafile server, and I’m very surprised by the weakness of the password …
Only 8 characters … In 2016 the minimum is 10 / 12 + special symbols like:

 / * = @ ' : + - ? % $ {  } (  ) ^  ~ 

1 Like

I will look into it in the next week.

2 Likes

Hi!

A bit late, but did you change these settings in seahub_settings according to http://manual.seafile.com/config/seahub_settings_py.html ?

# minimum length for user's password
USER_PASSWORD_MIN_LENGTH = 6

# LEVEL based on four types of input:
# num, upper letter, lower letter, other symbols
# '3' means password must have at least 3 types of the above.
USER_PASSWORD_STRENGTH_LEVEL = 3

# default False, only check USER_PASSWORD_MIN_LENGTH
# when True, check password strength level, STRONG(or above) is allowed
USER_STRONG_PASSWORD_REQUIRED = False

In my opinion this does not help. We have enabled these features but the generator is still not using any special symbols.

Here you can find a password strength calculator: http://www.ssi.gouv.fr/administration/precautions-elementaires/calculer-la-force-dun-mot-de-passe/

  • Put the number of characters in “Longueur” (length)
  • Change the data in the field “Alphabet” and then click “Calculer la force” for the result.
    Actually, 8 characters with 62 symbols is only 48 bits …

Basically, the strength of the password is based on the number of characters.
As you can see, you must have 20 characters based on the 90-symbol alphabet to reach the basic AES128 standard.

1 Like
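
Added example, not part of the thread and not Seafile's own code: a Python sketch that reproduces the entropy figures quoted above (length × log2 of the alphabet size) and generates a random password from a CSPRNG that includes the symbols from the first post and satisfies a "number of character types" rule like the one in the settings comments. All function and variable names here are assumptions made for illustration.

```python
import math
import secrets
import string

# The four input types named in the settings comments (names are assumptions).
CLASSES = {
    "num": string.digits,
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "other": "/*=@':+-?%${}()^~",  # symbols listed in the first post
}
ALPHABET = "".join(CLASSES.values())

def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)

def min_length(target_bits, alphabet_size):
    """Shortest length whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))

def count_classes(password):
    """How many of the four character types appear in the password."""
    return sum(any(c in chars for c in password) for chars in CLASSES.values())

def generate_password(length, min_classes=3):
    """Draw uniformly from ALPHABET with a CSPRNG; redraw until enough
    character types are present (rejection sampling keeps the result
    uniform over the passwords that satisfy the rule)."""
    if not 1 <= min_classes <= len(CLASSES) or length < min_classes:
        raise ValueError("length/min_classes combination cannot be satisfied")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if count_classes(candidate) >= min_classes:
            return candidate

if __name__ == "__main__":
    print(f"8 chars, 62 symbols : {entropy_bits(8, 62):.1f} bits")
    print(f"20 chars, 90 symbols: {entropy_bits(20, 90):.1f} bits")
    needed = min_length(128, len(ALPHABET))
    print(f"{len(ALPHABET)}-symbol alphabet needs {needed} chars for 128 bits")
    print("sample:", generate_password(needed))
```
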