This repository has been archived by the owner on Jul 27, 2022. It is now read-only.
Problem: (CRO-577) Client allows weak passphrases #705
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
devashishdxt
requested review from
yihuang,
tomtau,
calvinaco,
leejw51crypto,
lezzokafka and
linfeng-crypto
yihuang
reviewed
Dec 19, 2019
yihuang
approved these changes
Dec 19, 2019
|
bors try |
tomtau
approved these changes
Dec 19, 2019
Comment on lines
+195
to
+199
| [[package]] | ||
| name = "bit-vec" | ||
| version = "0.5.1" | ||
| source = "registry+https://github.com/rust-lang/crates.io-index" | ||
|
|
There was a problem hiding this comment.
this one is a bit annoying / bloaty, as there's already bit-vec 0.6.1 (and bitvec).
probably open an issue for another dependency review / cleanup
Comment on lines
112
to
117
| return Err(Error::new( | ||
| ErrorKind::IllegalInput, | ||
| format!( | ||
| "Weak passphrase: {}", | ||
| parse_feedback(password_entropy.feedback().as_ref()) | ||
| ), |
There was a problem hiding this comment.
this is fine, but not sure how annoying it'd be in quick testing -- we'll see, perhaps later there could be a "unsafe_development_only" flag to bypass that
There was a problem hiding this comment.
We can add following code in future to only build this in release builds:
if !cfg!(debug_assertions) {
// Check password score only in non-debug builds
}
tryBuild failed |
|
bors try |
tryBuild failed |
Codecov Report
@@ Coverage Diff @@
## master #705 +/- ##
==========================================
- Coverage 69.69% 69.64% -0.06%
==========================================
Files 131 131
Lines 16742 16767 +25
==========================================
+ Hits 11669 11678 +9
- Misses 5073 5089 +16
|
calvinaco
approved these changes
Dec 19, 2019
|
bors try |
tryBuild failed |
Solution: Estimate password strength using zxcvbn crate. Return Error when password score is less than 3.
|
bors try |
|
bors r+ |
tryBuild failed |
|
This PR was included in a batch with a merge conflict, it will be automatically retried |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Solution: Estimate password strength using
zxcvbncrate. ReturnErrorwhen password score is less than 3.