Some quick testing of the output of User::randomPassword() shows that by default output is generated in the range 0 to 7vvvvvvvvv. With a default configuration all passwords should be 10 characters; instead passwords of 9 or fewer characters are easily generated every few thousand invocations of the method -- in very rare cases, the method might generate a password just one single character long.
Ideally, this method should always return $wgMinimalPasswordLength characters (10 by default) -- in the range 0000000000 to vvvvvvvvvv
- master -
- 1.23 - 1.26 -