Add a common password blacklist

Authored by epriestley <git@epriestley.com> on Jan 23 2014, 23:01.

Description

Add a common password blacklist

Summary:
Fixes T4143. This mitigates the "use a botnet to slowly try to log in to every user account using the passwords '1234', 'password', 'asdfasdf', ..." attack, like the one that hit GitHub.

(I also donated some money to Openwall as a thanks for compiling this wordlist.)

Test Plan:

  • Tried to register with a weak password; registered with a strong password.
  • Tried to set VCS password to a weak password; set VCS password to a strong password.
  • Tried to change password to a weak password; changed password to a strong password.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, chad

Maniphest Tasks: T4143

Differential Revision: https://secure.phabricator.com/D8048

Details

Committed
epriestley <git@epriestley.com> on Jan 23 2014, 23:01
Pushed
aubort on Jan 31 2017, 17:16
Parents
rPH1a964f71bb0d: Disable SimpleXML entity loader in Phabricator

Event Timeline

epriestley <git@epriestley.com> committed rPH02aa193cb05e: Add a common password blacklist (authored by epriestley <git@epriestley.com>). Jan 23 2014, 23:01