Increase the size of HTTP passwords

These passwords are generated on the server side, and a regular user
has no way of increasing their length unless they ask an admin which
is actually capable of setting them as an arbitrary string. The
default length of just 12 characters might not be that much by today's
standards. Password storage is cheap, and 31 random bytes mean 42
characters as a result, which is of course THE number to use.

Change-Id: If70bf233aeb34bce46aa5a7d56f3bd64e0d108f3

2 files changed, 2 insertions, 2 deletions

diff --git a/Documentation/rest-api-accounts.txt b/Documentation/rest-api-accounts.txt
index 28014295f9..2276e40dc1 100644
--- a/Documentation/rest-api-accounts.txt
+++ b/Documentation/rest-api-accounts.txt
@@ -269,7 +269,7 @@ Retrieves the HTTP password of an account.
   Content-Type: application/json;charset=UTF-8
 
   )]}'
-  "ETxgpih8xrNs"
+  "Qmxlc21ydCB1YmVyIGFsbGVzIGluIGRlciBXZWx0IQ"
 ----
 
 If the account does not have an HTTP password the response is `404 Not Found`.
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/PutHttpPassword.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/PutHttpPassword.java
index 2e0a91c179..c814fb89ad 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/PutHttpPassword.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/PutHttpPassword.java
@@ -43,7 +43,7 @@ public class PutHttpPassword implements RestModifyView<AccountResource, Input> {
     public boolean generate;
   }
 
-  private static final int LEN = 12;
+  private static final int LEN = 31;
   private static final SecureRandom rng;
 
   static {