From bugzilla-daemon@bugs.koha-community.org Wed Sep 30 02:46:58 2020 From: bugzilla-daemon@bugs.koha-community.org To: koha-bugs@lists.koha-community.org Subject: [Koha-bugs] [Bug 12617] Koha should let admins to configure automatically generated password complexity/difficulty Date: Wed, 30 Sep 2020 00:46:57 +0000 Message-ID: In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============1769712783940346373==" --===============1769712783940346373== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=3D12617 --- Comment #21 from David Cook --- The following is incomplete but could be useful for testing individual characters (you'd just have to iterate through the password string).=20 Tangentially, Chinese characters will pass both the "is_upper" and "is_lower" case tests. In terms of pam_cracklib, it seems that Chinese characters would give uppercase credits but not lowercase credits (since a character can only = be classed with 1 class).=20 Unfortunately, special characters also pass the "is_upper" and "is_lower" tests, so that algorithm isn't really good enough. THat said, C implementatio= ns for isupper is super problematic too as they're ASCII based... (https://git.musl-libc.org/cgit/musl/tree/include/ctype.h).=20 But I guess that goes back to supporting ASCII-only passwords...=20 --=20 You are receiving this mail because: You are watching all bug changes. --===============1769712783940346373==--