User talk:RICARDO Gomes de Paiva DE FARIA
Welcome!
Welcome to the Citizendium! We hope you will contribute boldly and well. Here are pointers for a quick start. You'll probably want to know how to get started as an author. Just look at CZ:Getting Started for other helpful "startup" links, and CZ:Home for the top menu of community pages. Be sure to stay abreast of events via the Citizendium-L (broadcast) mailing list (do join!) and the blog. Please also join the workgroup mailing list(s) that concern your particular interests. You can test out editing in the sandbox if you'd like. If you need help to get going, the forums is one option. That's also where we discuss policy and proposals. You can ask any constable for help, too. Me, for instance! Just put a note on their "talk" page. Again, welcome and have fun! Hayford Peirce 14:31, 4 July 2009 (UTC)
password size
Caesar replied on my talk page -- you might take a look. Hayford Peirce 15:48, 5 July 2009 (UTC)
CZ Password Maximum Size
Pardon if I am wrong, but after what seems to me to be a due "homework", I still fail to see any mention throughout CZ on how big a password may be here.
(As I use a 30 ASCII caracter password my concern is that same may be "being cut" after an eventual existing maximum size limit at CZ - say after its 25th caracter - or if this 30 caracter size "is acceptable".)
- Should safety dictates that this matter cannot be addressed herein, I kindly ask guidance via email to <ricardodefaria@ricardodefaria.com>.
Thank you for your duly noted and most appreciated time and attention (as well as for your acceptance of my account request at CZ). RICARDO Gomes de Paiva DE FARIA 02:41, 5 July 2009 (UTC)
- Hayford has asked me to look at this, but to be honest, I don't know the answer. I'm not aware of a limit or what it is if there is one. I'd guess that the maximum would be well over the 30 characters which you mention - perhaps 128 or 256 characters.
- If you're worried that your password will be trimmed, I would say that that is very unlikely - whilst MediaWiki is not very good software, I should think it would at least be capable of issuing a warning if a password was over the limit. But I can't say for sure. Sorry! Caesar Schinas 06:03, 5 July 2009 (UTC)
The rationale of my asking is that at Wikipedia I have read somewere that the recommended password size would be 25 caracters maximum. This makes sense if taken into account that in programming one will determine the parameters for both the minimum and maximum integer value - Consider this excerpt from Wikipedia[1]:
(What makes sense if taken into account that in programming one will determine the parameters for both the minimum and maximum integer value.)
"The string @VALUE@ inside this html will be expanded to the current value of this element min: Defines the minimum allowed integer value for PREF_INT_T types max: Defines the maximum allowed integer value for PREF_INT_T types" - The full text of above Wikipedia link is this:
"Parameters name: the name of the preference (the name for the form element) section: the name of the section in the preferences dialog. This should be the internal name used not the displayed name (e.g. 'prefs-misc'). To create a new section, simply use a different name. The actual display text will be whatever is returned using wfMsg(section) so you can set the text by adding the appropriate value to the message cache. type: The type of form element being added. The valid types are the constants PREF_USER_T, PREF_TOGGLE_T, PREF_TEXT_T, PREF_PASSWORD_T, and PREF_INT_T. The default is PREF_USER_T. size: For type=PREF_TEXT_T, PREF_PASSWORD_T, and PREF_INT_T, defines the size of the textbox html: For PREF_USER_T, allows specification of the complete html to be inserted into the preferences form. The string @VALUE@ inside this html will be expanded to the current value of this element min: Defines the minimum allowed integer value for PREF_INT_T types max: Defines the maximum allowed integer value for PREF_INT_T types validate: The name of a function. If defined, for PREF_TEXT_T, PREF_PASSWORD_T, and PREF_USER_T, this function will be called to validate the form value on submission. The function should take one argument (the form value) and return the value that should be used as the submitted value. save: The name of a function. If defined, this function will be called to set the element's value instead of using the default of setting the value via $wgUser->setOption. The function takes two arguments ($name, $value). load: The name of a function. If defined, this function will be called to load an element's value instead of the default using $wgUser->getOption. This function takes one argument $name and should return the value. default: The default value to use for this element in displaying the form."[2]
At Wikipedia one reads: "NIST recommends 80-bits for the most secure passwords, which can nearly be achieved with a 95-character choice (e.g., the original ASCII character set) with a 12-character random password (12 x 6.5 bits= 78).[2]"[3].
Also, consider these lines from Wikipedia login page[4]:
"Secure your account: Consider logging in on the secure server[5]. If your password only contains letters or numbers, please read our article on password strength [6] and consider changing it (in Special:Preferences after you login)[7].
To avoid becoming a victim of phishing, always verify that you are viewing Wikipedia's login page when logging in. Wikipedia will never ask for any information other than your username, password and e-mail address. Do not give out your password to anyone. If your account is compromised, it may be permanently blocked unless you can prove you are its rightful owner. As a safeguard you may "commit" [8] to your identity by adding a cryptographic hash [9] to your user page as instructed here. This makes it almost impossible for an impostor to continue impersonating you once you regain control of your account."
If we could direct this issue to a webmaster's page hereof I sense that same could proper and swiftly answer this in seconds. Most cordially, RICARDO Gomes de Paiva DE FARIA 21:13, 5 July 2009 (UTC)
- Ricardo, with all due respect, this strikes me as "much ado about nothing". Why not simply shorten your Citizendium password? It strikes me that a 30-character password is very much overkill. To the best of my knowledge, CZ has not had any instances of phishing in my 2 years in CZ. If such phishing were to ever take place, one of our Constables could and would put a stop to it very quickly. This is not Wikipedia. Milton Beychok 22:23, 5 July 2009 (UTC)
Thank you: I shall abide to. I just wanted to be certain that I was using the best CZ practices and as CZ concepts and minds came from Wikipedia's I just inferred its parameters were alike: There is no reason to elaborate further than that - Note that my first words above were "Pardon if I am wrong, but after what seems to me to be a due 'homework'" - Again, thank you all!RICARDO Gomes de Paiva DE FARIA 23:38, 5 July 2009 (UTC)