dualcube / moowoodle

The MooWoodle plugin is an extension of WooCommerce that acts as a bridge between WordPress/WooCommerce and Moodle.

Password generator & disabling moodle password policy #29

Closed lthamm closed 1 year ago

lthamm commented 3 years ago

The setup documentation (https://dualcube.com/docs/moowoodle-set-up-guide/#3-toc-title) requires disabling the password policy. This allows moodle users to set arbitrarily unsafe passwords.

The default moodle password policy is the following:

moowoodle creates the passwords in the password generator, using four arrays as a source to pseudo-randomly build the password:

It appends one character for each set for a length of 8 characters. As long as I am not missing something, the password generator conforms with the moodle password policy by default and disabling the password policy is not necessary.

Moreover, the password_generator uses str_shuffle and array_rand, both of which are not cryptographically secure.

Suggestions:
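An added example, not part of the original issue or the plugin's code: a generator that draws from four character sets with `random_int()` (PHP's CSPRNG-backed function) instead of `array_rand`/`str_shuffle`, then checks the result. The function name, the character sets, and the policy checked (at least 8 characters with one lowercase, one uppercase, one digit and one non-alphanumeric character) are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not MooWoodle's function. The four character sets
// are assumptions; the plugin's own arrays are not shown on this page.
function example_generate_password(int $length = 12): string
{
    $sets = [
        'abcdefghijklmnopqrstuvwxyz',
        'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
        '0123456789',
        '!@#$%^&*()-_=+',
    ];
    if ($length < count($sets)) {
        throw new InvalidArgumentException('length must cover every character class');
    }

    // One character from each set, so every class is always represented.
    $chars = [];
    foreach ($sets as $set) {
        $chars[] = $set[random_int(0, strlen($set) - 1)];
    }

    // Fill the remainder from the union of all sets.
    $all = implode('', $sets);
    while (count($chars) < $length) {
        $chars[] = $all[random_int(0, strlen($all) - 1)];
    }

    // Fisher-Yates shuffle driven by random_int() instead of str_shuffle(),
    // so the positions of the guaranteed characters are unpredictable too.
    for ($i = count($chars) - 1; $i > 0; $i--) {
        $j = random_int(0, $i);
        [$chars[$i], $chars[$j]] = [$chars[$j], $chars[$i]];
    }
    return implode('', $chars);
}

// Self-check against the assumed policy (the password itself is not printed).
$pw = example_generate_password(8);
$ok = strlen($pw) >= 8
    && preg_match('/[a-z]/', $pw) && preg_match('/[A-Z]/', $pw)
    && preg_match('/[0-9]/', $pw) && preg_match('/[^a-zA-Z0-9]/', $pw);
echo $ok ? "policy satisfied\n" : "policy violated\n";
```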