
Some of our users complained about the automatically generated
passwords that are sent out when a list is imported or if an admin
subscribes someone. Especially the ` and ^ characters are a major problem because these may be treated as parts of composite characters in some environments (`
followed by a might be displayed as the same
character as à in HTML) and so on. Also, upper case characters
impose an extra mental burden ;)
Anyway, I modified our Mailman which now has a function (method?) Utils.GetRandomPassword(length)
which generates passwords of the given length with a restricted alphabet, namely: a-x, 2-9, excluding characters o and l as well as digits 0 and 1 which may be confused and y, z (German keyboards swap these, in the past, this caused trouble too ;)
I would like to offer this patch unless there are good reasons why this should be avoided. The main concern is certainly a higher risk to crack such passwords (only 30 possibilities instead of 64) but this could easily be matched by using 5 character passwords:
possibilities          strength
64^4 = 16777216        1
30^4 =   810000        0.05
30^5 = 24300000        1.45
As far as I have seen, this patch involves replacing certain calls to GetRandomSeed in a few places such as: bin/add_members, Mailman/Cgi/admin.py, Mailman/MailCommandHandler.py
Any comment?
+gg
--
Gerhard.Gonter@wu-wien.ac.at Fax: +43/1/31336/702
g.gonter@ieee.org
Zentrum fuer Informatikdienste, Wirtschaftsuniversitaet Wien, Austria
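
The following is an added example, not part of the original post and not Mailman's code: a generator over the 30-character alphabet described above, plus the keyspace arithmetic behind the strength table. The function names are hypothetical, and drawing from the OS CSPRNG via `secrets` is an assumption made here, since the strength figures only hold if every character is chosen uniformly at random.

```python
import math
import secrets
import string

# Alphabet as described in the post: a-x and 2-9, minus 'o' and 'l'.
# 'y', 'z', '0' and '1' already fall outside those ranges.
ALPHABET = "".join(
    c for c in string.ascii_lowercase[:24] + "23456789" if c not in "ol"
)


def get_random_password(length, alphabet=ALPHABET):
    """Return `length` characters drawn uniformly from `alphabet` (hypothetical helper)."""
    if length < 1:
        raise ValueError("length must be at least 1")
    # secrets.choice uses the OS CSPRNG, so each position is unpredictable.
    return "".join(secrets.choice(alphabet) for _ in range(length))


def keyspace(alphabet_size, length):
    """Number of distinct passwords of this length."""
    return alphabet_size ** length


def relative_strength(alphabet_size, length, ref_size=64, ref_length=4):
    """Keyspace relative to the reference scheme (64 symbols, 4 characters)."""
    return keyspace(alphabet_size, length) / keyspace(ref_size, ref_length)


def min_length_to_match(alphabet_size, ref_size=64, ref_length=4):
    """Smallest length whose keyspace is at least the reference keyspace."""
    target = keyspace(ref_size, ref_length)
    length = 1
    while keyspace(alphabet_size, length) < target:
        length += 1
    return length


def entropy_bits(alphabet_size, length):
    """Guessing entropy in bits, assuming uniform random selection."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print("alphabet:", ALPHABET, "size", len(ALPHABET))
    for size, n in ((64, 4), (30, 4), (30, 5)):
        print(f"{size}^{n} = {keyspace(size, n):>9}  "
              f"strength {relative_strength(size, n):.2f}  "
              f"{entropy_bits(size, n):.1f} bits")
    print("length needed to match 64^4:", min_length_to_match(len(ALPHABET)))
    print("sample:", get_random_password(5))
```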