Skip to content
This repository has been archived by the owner on Feb 25, 2019. It is now read-only.

Password validation fails for strong password #358

Open
PetrSnobelt opened this issue Nov 28, 2016 · 4 comments
Open

Password validation fails for strong password #358

PetrSnobelt opened this issue Nov 28, 2016 · 4 comments

Comments

@PetrSnobelt
Copy link

Hi, I try register user with password aaaaBBCB7C and it fails with "Password must be complex" message.
But when I try it in onlinedemo on http://mel.lt/ it returns The password you entered is decent. Mellt estimates 159 days to crack

What's wrong?
My config don't contain daysToCrack value and I using version: 0.1.59

@christiansmith
Copy link
Member

I'm guessing our default daysToCrack value is a little aggressive. It defaults to 14, which doesn't seem to correspond to any estimate for a given password. Try a smaller value in your config.

@PetrSnobelt
Copy link
Author

Hi Christian, on metl homepage it estimate 159 days which is much higher then default 14, isn't it?

I'm fine with 14 days, but in my UI I use metl directly for quick response and this password pass, but when I send it to anvil it fails.

@christiansmith
Copy link
Member

Confusing as it is, I'm not sure there's a direct relationship between this configurable threshold and their estimate of how long a given password should take to crack.

@tomec-martin
Copy link

It seems to be a bug in node.js version of mellt. I have filled issue ravisorg/Mellt#10

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants