From bugzilla-daemon@bugs.koha-community.org Wed Sep 30 02:46:58 2020
From: bugzilla-daemon@bugs.koha-community.org
To: koha-bugs@lists.koha-community.org
Subject: [Koha-bugs] [Bug 12617] Koha should let admins to configure
automatically generated password complexity/difficulty
Date: Wed, 30 Sep 2020 00:46:57 +0000
Message-ID:
In-Reply-To:
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============1769712783940346373=="
--===============1769712783940346373==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=3D12617
--- Comment #21 from David Cook ---
The following is incomplete but could be useful for testing individual
characters (you'd just have to iterate through the password string).=20
Tangentially, Chinese characters will pass both the "is_upper" and "is_lower"
case tests. In terms of pam_cracklib, it seems that Chinese characters would
give uppercase credits but not lowercase credits (since a character can only =
be
classed with 1 class).=20
Unfortunately, special characters also pass the "is_upper" and "is_lower"
tests, so that algorithm isn't really good enough. THat said, C implementatio=
ns
for isupper is super problematic too as they're ASCII based...
(https://git.musl-libc.org/cgit/musl/tree/include/ctype.h).=20
But I guess that goes back to supporting ASCII-only passwords...=20
--=20
You are receiving this mail because:
You are watching all bug changes.
--===============1769712783940346373==--