[Django] #34056: Update the deprecated password list used by CommonPasswordValidator to a more recent list

10 views
Skip to first unread message

Django

unread,
Sep 27, 2022, 5:05:22 PM9/27/22
to django-...@googlegroups.com
#34056: Update the deprecated password list used by CommonPasswordValidator to a
more recent list
-------------------------------------+-------------------------------------
Reporter: Paolo | Owner: nobody
Melchiorre |
Type: Bug | Status: new
Component: | Version: dev
contrib.auth | Keywords:
Severity: Normal | CommonPasswordValidator
Triage Stage: | Has patch: 0
Unreviewed |
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-------------------------------------+-------------------------------------
The current file used to populate the list of common passwords used by
CommonPasswordValidator is deprecated since May 2022:
https://gist.github.com/roycewilliams/281ce539915a947a23db17137d91aeb7/revisions
#diff-b92271fc57fc0e876a5a8f8cf65614283ba35f94a14269332081a5c6f3adfd50

As suggested in the deprecated file a new version of the list is
available:
https://gist.github.com/roycewilliams/226886fd01572964e1431ac8afc999ce

This is the command line I used to download and extract the list of
password from the original gist:
{{{
$ curl
https://gist.githubusercontent.com/roycewilliams/226886fd01572964e1431ac8afc999ce/raw/7e4f976f31f6f9bbd54781c7792f8272fb2fd613/pwnedpasswords-v6-top20k.txt
| csvtool drop 49 - | csvtool col 3 -t : - | gzip -9 > common-
passwords.txt.gz
}}}

--
Ticket URL: <https://code.djangoproject.com/ticket/34056>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

Django

unread,
Sep 27, 2022, 5:20:10 PM9/27/22
to django-...@googlegroups.com
#34056: Update the deprecated password list used by CommonPasswordValidator to a
more recent list
-------------------------------------+-------------------------------------
Reporter: Paolo Melchiorre | Owner: nobody
Type: Bug | Status: new
Component: contrib.auth | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage:
CommonPasswordValidator | Unreviewed
Has patch: 1 | Needs documentation: 0

Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Paolo Melchiorre):

* has_patch: 0 => 1


Comment:

I've created a PR https://github.com/django/django/pull/16127

--
Ticket URL: <https://code.djangoproject.com/ticket/34056#comment:1>

Django

unread,
Sep 27, 2022, 6:24:51 PM9/27/22
to django-...@googlegroups.com
#34056: Update the deprecated password list used by CommonPasswordValidator to a
more recent list
-------------------------------------+-------------------------------------
Reporter: Paolo Melchiorre | Owner: nobody
Type: Bug | Status: new
Component: contrib.auth | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage:
CommonPasswordValidator | Unreviewed
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Description changed by Paolo Melchiorre:

Old description:

> The current file used to populate the list of common passwords used by
> CommonPasswordValidator is deprecated since May 2022:
> https://gist.github.com/roycewilliams/281ce539915a947a23db17137d91aeb7/revisions
> #diff-b92271fc57fc0e876a5a8f8cf65614283ba35f94a14269332081a5c6f3adfd50
>
> As suggested in the deprecated file a new version of the list is
> available:
> https://gist.github.com/roycewilliams/226886fd01572964e1431ac8afc999ce
>
> This is the command line I used to download and extract the list of
> password from the original gist:
> {{{
> $ curl
> https://gist.githubusercontent.com/roycewilliams/226886fd01572964e1431ac8afc999ce/raw/7e4f976f31f6f9bbd54781c7792f8272fb2fd613/pwnedpasswords-v6-top20k.txt
> | csvtool drop 49 - | csvtool col 3 -t : - | gzip -9 > common-
> passwords.txt.gz
> }}}

New description:

The current file used to populate the list of common passwords used by
CommonPasswordValidator is deprecated since May 2022:
https://gist.github.com/roycewilliams/281ce539915a947a23db17137d91aeb7/revisions
#diff-b92271fc57fc0e876a5a8f8cf65614283ba35f94a14269332081a5c6f3adfd50

As suggested in the deprecated file a new version of the list is
available:
https://gist.github.com/roycewilliams/226886fd01572964e1431ac8afc999ce

This is the command line I used to download and extract the list of
password from the original gist:
{{{
$ curl
https://gist.githubusercontent.com/roycewilliams/226886fd01572964e1431ac8afc999ce/raw/7e4f976f31f6f9bbd54781c7792f8272fb2fd613/pwnedpasswords-v6-top20k.txt

| csvtool drop 49 - | csvtool col 3 -t : - | uconv -x lower | gzip -9 >
common-passwords.txt.gz
}}}

--

--
Ticket URL: <https://code.djangoproject.com/ticket/34056#comment:2>

Django

unread,
Sep 28, 2022, 2:02:59 AM9/28/22
to django-...@googlegroups.com
#34056: Update the deprecated password list used by CommonPasswordValidator to a
more recent list
-------------------------------------+-------------------------------------
Reporter: Paolo Melchiorre | Owner: Paolo
Type: | Melchiorre
Cleanup/optimization | Status: assigned

Component: contrib.auth | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
CommonPasswordValidator |

Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Mariusz Felisiak):

* owner: nobody => Paolo Melchiorre
* status: new => assigned
* type: Bug => Cleanup/optimization
* stage: Unreviewed => Accepted


--
Ticket URL: <https://code.djangoproject.com/ticket/34056#comment:3>

Django

unread,
Sep 28, 2022, 8:50:57 AM9/28/22
to django-...@googlegroups.com
#34056: Update the deprecated password list used by CommonPasswordValidator to a
more recent list
-------------------------------------+-------------------------------------
Reporter: Paolo Melchiorre | Owner: Paolo
Type: | Melchiorre
Cleanup/optimization | Status: assigned
Component: contrib.auth | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Ready for
CommonPasswordValidator | checkin

Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Mariusz Felisiak):

* stage: Accepted => Ready for checkin


--
Ticket URL: <https://code.djangoproject.com/ticket/34056#comment:4>

Django

unread,
Sep 28, 2022, 1:25:46 PM9/28/22
to django-...@googlegroups.com
#34056: Update the deprecated password list used by CommonPasswordValidator to a
more recent list
-------------------------------------+-------------------------------------
Reporter: Paolo Melchiorre | Owner: Paolo
Type: | Melchiorre
Cleanup/optimization | Status: closed
Component: contrib.auth | Version: dev
Severity: Normal | Resolution: fixed

Keywords: | Triage Stage: Ready for
CommonPasswordValidator | checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Mariusz Felisiak <felisiak.mariusz@…>):

* status: assigned => closed
* resolution: => fixed


Comment:

In [changeset:"fa3afc5d86f1f040922cca2029d6a34301597a70" fa3afc5d]:
{{{
#!CommitTicketReference repository=""
revision="fa3afc5d86f1f040922cca2029d6a34301597a70"
Fixed #34056 -- Updated the list of common passwords for
CommonPasswordValidator.
}}}

--
Ticket URL: <https://code.djangoproject.com/ticket/34056#comment:5>

Reply all
Reply to author
Forward
0 new messages