user defined password generator callbacks

Question

user defined password generator callbacks

scones opened this issue 7 years ago · comments

Hello Development-Team,

I'd like to see the feature, where i can set a user defined password generator, as the 5 4-byte chunks are neither secure, nor memorizable.
As tastes go, everyone has one, so i'd prefer to define my own password generator callback, that just returns the password.

George Stephanis · Answer 1 · Fri Dec 14 2018 01:58:08 GMT+0800 (China Standard Time)

We've addressed the entropy here: #34 -- the passwords aren't meant to be memorizable -- merely set once in an application and never remembered. The entropy is sufficiently high to be 'boring' crypto.

https://twitter.com/CiPHPerCoder/status/713592981559881728

George Stephanis · Answer 2 · Fri Dec 14 2018 02:01:01 GMT+0800 (China Standard Time)

Also, we're using the core wp_generate_password() method which is a pluggable function and can be redefined if desired --

https://github.com/WordPress/WordPress/blob/bfc53e6a52fa837f700c59d46911aab727985689/wp-includes/pluggable.php#L2350-L2389