[LEDE-DEV] [PATCH] utils/busybox: prevent weak root passwords

Hannu Nyman hannu.nyman at iki.fi
Fri Feb 17 03:50:57 PST 2017

On 17.2.2017 12.42, danrl wrote:
> We are trying to make passwords on LEDE a tiny bit more secure by refusing weak or short (read: less than 6 characters) passwords.
> Please see related discussion over here, where the inconsistencies were discovered:
> https://github.com/openwrt/luci/pull/878

Note that busybox does not just enforce length. It evaluates the pw 
complexity based on several rules and e.g. the actual allowed minimum length 
would vary between 6-14 depending e.g. on the mix of character types (A, a, 
1, #) used in the pw.


So the change is not quite trivial about just length.

More information about the Lede-dev mailing list