
Akeeba Backup for Joomla!

#39621 Secret Word insecure

Posted in ‘Akeeba Backup for Joomla! 4 & 5’

Environment Information

Joomla! version: 4.3.4
PHP version: 8.1.12
Akeeba Backup version: 9.8.0 Pro

Latest post by nicholas on Monday, 16 October 2023 03:44 CDT

[email protected]

Hi there,

my front-end and remote backup features have been disabled automatically, because the Secret Word is insecure.

My Secret Word has been generated by Akeeba:

vQ93XG_1OUrOrwF5fnUCcNTD7M1XTFRE

The new suggested value is:

bMU5UBObdI6NmoG8iHuDgl5JDRwhZLgv

Looks similarly safe to me ;o)

Is that behavior normal? 

Thanks in advance!

Regards
Matthias

nicholas
Akeeba Staff
Manager

The security of the secret word is assessed automatically using Complexify. The probability of automatically generating a secret word which does not satisfy the minimum complexity requirement is really, REALLY low but not zero. So, yes, this is normal behaviour, just extremely rare. And I mean rare as in you are the first person in the last better part of a decade since we introduced this feature who ran into this.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

[email protected]

Hi Nicholas,

so it seems, I'm a very special person - the same happened today on another installation ;o)

The generated insecure word was: Iwq-uVs-qu_hKVrH2mW14K9mHcaGcLzh

It's again a word with underscore - could that be the reason?

Regards
Matthias

[email protected]

Update:

  • I click on "Apply the suggested word"
  • I go to Control Panel
  • I get the message "Your Secret Word is insecure and can be easily guessed."
  • Repeat

When I enter a few more than the 32 chars, it works. No more message...

Am I really the only one?

Regards
Matthias

nicholas
Akeeba Staff
Manager

You really are the only one this has ever happened to. I even tried creating a new site and installing Akeeba Backup 9.8.1 afresh. I can't reproduce your issue. If I let it use an auto-generated secret word there's never a complaint. This is also something I'm doing fairly regularly (several times every week) as I am setting up temporary sites to test features in development, or try to reproduce reported issues. Between that and the number of clients we have, I believe that if it was a bug we'd have definitely run into it over all these years.

The only case I can think that this might not be pure random chance is if PHP's regular expressions are subtly broken on your server, somehow not recognising underscore as valid punctuation. I have never seen that before, that's why I am hesitant to even entertain it as a likely explanation.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
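
To check the regular-expression hypothesis raised in the reply above on a specific server, this added PHP script (not part of the ticket, and not Akeeba Backup's code or its Complexify check) reports how the local PCRE build classifies underscore, hyphen and the three words quoted in this thread. The pattern list and the function names `classifyWord` and `probeChar` are assumptions chosen for illustration.

```php
<?php
// Added diagnostic; not Akeeba Backup code and not its complexity check.
// The patterns and function names below are illustrative assumptions.
const CLASS_PATTERNS = [
    'lowercase'     => '/[a-z]/',
    'uppercase'     => '/[A-Z]/',
    'digit'         => '/[0-9]/',
    'posix punct'   => '/[[:punct:]]/',
    'unicode punct' => '/\p{P}/u',
    'non-word (\W)' => '/\W/',
];

/** Count how many characters of $word each pattern matches. */
function classifyWord(string $word): array
{
    $counts = [];
    foreach (CLASS_PATTERNS as $label => $pattern) {
        $n = @preg_match_all($pattern, $word);
        // false means the pattern failed to compile or run on this PCRE build
        $counts[$label] = ($n === false) ? 'ERROR: ' . preg_last_error_msg() : $n;
    }
    return $counts;
}

/** Report which patterns match a single character on this server. */
function probeChar(string $char): array
{
    $result = [];
    foreach (CLASS_PATTERNS as $label => $pattern) {
        $result[$label] = @preg_match($pattern, $char) === 1;
    }
    return $result;
}

printf("PHP %s, PCRE %s\n", PHP_VERSION, PCRE_VERSION);
// On a healthy build '_' matches both punct patterns but never \W,
// because PCRE treats underscore as a word character; '-' matches all three.
foreach (['_', '-'] as $char) {
    echo "probe '$char': ", json_encode(probeChar($char)), "\n";
}
// The words quoted in this ticket (already public on this page).
$words = [
    'vQ93XG_1OUrOrwF5fnUCcNTD7M1XTFRE',
    'bMU5UBObdI6NmoG8iHuDgl5JDRwhZLgv',
    'Iwq-uVs-qu_hKVrH2mW14K9mHcaGcLzh',
];
foreach ($words as $word) {
    echo $word, ' (', strlen($word), ' chars): ', json_encode(classifyWord($word)), "\n";
}
```

Run it with the same PHP binary and SAPI that serves the site, since the CLI and the web server can be linked against different PCRE builds.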
