[Django] #29274: Update the password list used by CommonPasswordValidator to a more recent list

[Django]

#29274: Update the password list used by CommonPasswordValidator to a more recent
list
-------------------------------------+-------------------------------------
Reporter: Brenton | Owner: nobody
Cleeland |
Type: New | Status: new
feature |
Component: | Version: 2.0
contrib.auth | Keywords:
Severity: Normal | CommonPasswordValidator
Triage Stage: | Has patch: 0
Unreviewed |
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-------------------------------------+-------------------------------------
There is a recently released list of common passwords from Troy Hunt /
Have I Been Pwned that could be used as a basis for the
CommonPasswordValidator.

Most of the top 20k have been unhashed and made available here by Royce
Williams:
https://gist.github.com/roycewilliams/281ce539915a947a23db17137d91aeb7

My suggestion would be to use this complete list, but I'd be open to using
a smaller subset if the community would prefer.

--
Ticket URL: <https://code.djangoproject.com/ticket/29274>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

[Django]

#29274: Update the password list used by CommonPasswordValidator to a more recent
list
-------------------------------------+-------------------------------------

Reporter: Brenton Cleeland | Owner: nobody
Type: | Status: new
Cleanup/optimization |
Component: contrib.auth | Version: 2.0
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
CommonPasswordValidator |
Has patch: 0 | Needs documentation: 0

Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------

Changes (by Tim Graham):

* type: New feature => Cleanup/optimization
* stage: Unreviewed => Accepted

Comment:

[https://groups.google.com/d/topic/django-
developers/oMWLVK5kTpI/discussion django-developers discussion]

--
Ticket URL: <https://code.djangoproject.com/ticket/29274#comment:1>

[Django]

#29274: Update the password list used by CommonPasswordValidator to a more recent
list
-------------------------------------+-------------------------------------

Reporter: Brenton Cleeland | Owner: jfushada
Type: | Status: assigned

Cleanup/optimization |
Component: contrib.auth | Version: 2.0
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
CommonPasswordValidator |

Has patch: 0 | Needs documentation: 0

Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------

Changes (by jfushada):

* owner: nobody => jfushada
* status: new => assigned

--
Ticket URL: <https://code.djangoproject.com/ticket/29274#comment:2>

[Django]

#29274: Update the password list used by CommonPasswordValidator to a more recent
list
-------------------------------------+-------------------------------------

Reporter: Brenton Cleeland | Owner: Jessica

Type: | Status: assigned
Cleanup/optimization |
Component: contrib.auth | Version: 2.0
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
CommonPasswordValidator |

Has patch: 0 | Needs documentation: 0

Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------

Comment (by Jessica):

Hello! I'm Jessica, the assignee to this ticket. I am speaking on behalf
of a group of newbies contributing to open source projects.
I was looking at the list of 20k passwords by Royce Williams, and there
were 40 that were something like "$HEX[d0bfd197d5]". When I parsed them,
nothing legible came out of it. I was wondering if this was an error on
the list or was it intentional?

--
Ticket URL: <https://code.djangoproject.com/ticket/29274#comment:3>

[Django]

#29274: Update the password list used by CommonPasswordValidator to a more recent
list
-------------------------------------+-------------------------------------

Reporter: Brenton Cleeland | Owner: Jessica
Type: | Status: assigned
Cleanup/optimization |
Component: contrib.auth | Version: 2.0
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
CommonPasswordValidator |

Has patch: 1 | Needs documentation: 0

Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------

Changes (by Jessica):

* has_patch: 0 => 1

--
Ticket URL: <https://code.djangoproject.com/ticket/29274#comment:4>

[Django]

#29274: Update the password list used by CommonPasswordValidator to a more recent
list
-------------------------------------+-------------------------------------

Reporter: Brenton Cleeland | Owner: Jessica

Type: | Status: closed

Cleanup/optimization |
Component: contrib.auth | Version: 2.0

Severity: Normal | Resolution: fixed

Keywords: | Triage Stage: Accepted
CommonPasswordValidator |

Has patch: 1 | Needs documentation: 0

Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------

Changes (by Tim Graham <timograham@…>):

* status: assigned => closed
* resolution: => fixed

Comment:

In [changeset:"93331877c81c1c6641b163b97813268f483ede4b" 9333187]:
{{{
#!CommitTicketReference repository=""
revision="93331877c81c1c6641b163b97813268f483ede4b"
Fixed #29274 -- Increased the number of common passwords from 1k to 20k.
}}}

--
Ticket URL: <https://code.djangoproject.com/ticket/29274#comment:5>