From f2a2b34e4639e88f8d948a388a51f010212b42a3 Mon Sep 17 00:00:00 2001
From: Fabrizio Steiner <fabrizio.steiner@gmail.com>
Date: Sun, 7 May 2017 23:10:02 +0200
Subject: Increase device password entropy. Use lower- and upper-case
 characters and digits, but exclude ambiguous characters. The number of digits
 has also been increased to 25.

Signed-off-by: Fabrizio Steiner <fabrizio.steiner@gmail.com>
---
 settings/Controller/AuthSettingsController.php | 8 ++++----
 settings/css/settings.css                      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

(limited to 'settings')

diff --git a/settings/Controller/AuthSettingsController.php b/settings/Controller/AuthSettingsController.php
index 57192e119a9..7bb8a6654e6 100644
--- a/settings/Controller/AuthSettingsController.php
+++ b/settings/Controller/AuthSettingsController.php
@@ -154,16 +154,16 @@ class AuthSettingsController extends Controller {
 	}
 
 	/**
-	 * Return a 20 digit device password
+	 * Return a 25 digit device password
 	 *
-	 * Example: ABCDE-FGHIJ-KLMNO-PQRST
+	 * Example: AbCdE-fGhIj-KlMnO-pQrSt-12345
 	 *
 	 * @return string
 	 */
 	private function generateRandomDeviceToken() {
 		$groups = [];
-		for ($i = 0; $i < 4; $i++) {
-			$groups[] = $this->random->generate(5, implode('', range('A', 'Z')));
+		for ($i = 0; $i < 5; $i++) {
+			$groups[] = $this->random->generate(5, ISecureRandom::CHAR_HUMAN_READABLE);
 		}
 		return implode('-', $groups);
 	}
diff --git a/settings/css/settings.css b/settings/css/settings.css
index 0777f7e4cf4..acd8ce8e47c 100644
--- a/settings/css/settings.css
+++ b/settings/css/settings.css
@@ -343,7 +343,7 @@ table.nostyle td { padding: 0.2em 0; }
 
 #new-app-login-name,
 #new-app-password {
-	width: 186px;
+	width: 245px;
 	font-family: monospace;
 	background-color: lightyellow;
 }
-- 
cgit v1.2.3