Monday 04 July 2011 7:20:18 am
@Gabriel - I think you're right. Well, then, mbpaex doesn't do anything to ensure the password is not too easy... it just expires the passwords at a given interval. I still don't think this would be that hard to implement. Basically check to see that the password is not the same as the login, or a variation of the login - i.e. login12 or nigol, then maybe check the hash against a rainbow table of dictionary words (and that should be generated with multiple interchangeable dictionaries for different languages - I would start with a dictionary of the 500 most common passwords). Then maybe also check with a regular expression whether there is at least one of each: punctuation character, number, letter of each case. There is already a length check built-in. Actually, if anyone wants to pay me to write this, message me.
Certified eZPublish developer
http://ez.no/certification/verify/396111
Available for ezpublish troubleshooting, hosting and custom extension development: http://www.leidentech.com
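The checks proposed in the post above, sketched as an added example (not the poster's code and not part of mbpaex or eZ Publish). The function name `passwordProblems`, the word list and the sample inputs are assumptions made for illustration, and the candidate is compared in plaintext against the word list at the moment the password is set, in place of the hash lookup the post mentions.

```php
<?php
// Added example. Requires PHP 7.4+ with the mbstring extension.
// Constructed sample list; a deployment would load a larger per-language file.
const COMMON_PASSWORDS = ['password', '123456', 'qwerty', 'letmein', 'welcome'];

/**
 * Hypothetical helper: returns the reasons a candidate password is rejected.
 * An empty array means every check passed. Length is not checked here,
 * since the post says a length check already exists.
 */
function passwordProblems(string $login, string $password): array
{
    $problems = [];
    $l = mb_strtolower($login);
    $p = mb_strtolower($password);

    // Strip leading/trailing non-letters so "login12" or "!login" reduce to "login".
    $core = preg_replace('/^[^\p{L}]+|[^\p{L}]+$/u', '', $p);
    $reversed = implode('', array_reverse(mb_str_split($l)));

    if ($l !== '' && (in_array($l, [$p, $core], true) || in_array($reversed, [$p, $core], true))) {
        $problems[] = 'password is the login or a simple variation of it';
    }
    if (in_array($p, COMMON_PASSWORDS, true) || in_array($core, COMMON_PASSWORDS, true)) {
        $problems[] = 'password is in the common-password list';
    }

    // At least one of each: letter of each case, number, punctuation character.
    $classes = [
        'a lowercase letter'      => '/\p{Ll}/u',
        'an uppercase letter'     => '/\p{Lu}/u',
        'a number'                => '/\d/',
        'a punctuation character' => '/[^\p{L}\d\s]/u',
    ];
    foreach ($classes as $name => $regex) {
        if (!preg_match($regex, $password)) {
            $problems[] = "password lacks $name";
        }
    }
    return $problems;
}

// Constructed sample inputs: login / candidate password pairs.
$samples = [['jsmith', 'jsmith12'], ['jsmith', 'htimsj'], ['jsmith', 'Password1!'], ['jsmith', 'Tr4il-mix&Oats']];
foreach ($samples as [$login, $pw]) {
    $r = passwordProblems($login, $pw);
    echo $pw, ': ', $r ? implode('; ', $r) : 'ok', PHP_EOL;
}
```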