connect icon indicating copy to clipboard operation
connect copied to clipboard

Published 20 hours ago verified publisher icon anvilresearch

Password validation fails for strong password

Open PetrSnobelt opened this issue 7 years ago • 4 comments

Hi, I try register user with password aaaaBBCB7C and it fails with "Password must be complex" message. But when I try it in onlinedemo on http://mel.lt/ it returns The password you entered is decent. Mellt estimates 159 days to crack

What's wrong? My config don't contain daysToCrack value and I using version: 0.1.59

PetrSnobelt avatar Nov 28 '16 15:11 PetrSnobelt

I'm guessing our default daysToCrack value is a little aggressive. It defaults to 14, which doesn't seem to correspond to any estimate for a given password. Try a smaller value in your config.

christiansmith avatar Nov 28 '16 17:11 christiansmith

Hi Christian, on metl homepage it estimate 159 days which is much higher then default 14, isn't it?

I'm fine with 14 days, but in my UI I use metl directly for quick response and this password pass, but when I send it to anvil it fails.

PetrSnobelt avatar Nov 28 '16 19:11 PetrSnobelt

Confusing as it is, I'm not sure there's a direct relationship between this configurable threshold and their estimate of how long a given password should take to crack.

christiansmith avatar Nov 28 '16 20:11 christiansmith

It seems to be a bug in node.js version of mellt. I have filled issue https://github.com/ravisorg/Mellt/issues/10

tomec-martin avatar Feb 01 '17 17:02 tomec-martin