| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Currently has 851 million password hashes, taking about 8G of space with
the current approach. It's simple and fast, so should be worth it.
inb4 complains about "why can't I use my password anymore!?"
|
|
Since the database format can't handle it.
|
|
This affects the following:
- API login with a weak password is disallowed, affected users will have
to change their password through the website to continue using the API.
- Registration, password reset or password change forms require the new
password to not be in the dictionary.
- Attempting to log in to the website with a weak password will
force-redirect to a password change form, allowing a new password to
be set (using the weak-but-still-valid password as check).
|
