[LEDE-DEV] [PATCH] utils/busybox: prevent weak root passwords
Hannu Nyman
hannu.nyman at iki.fi
Fri Feb 17 03:50:57 PST 2017
On 17.2.2017 12.42, danrl wrote:
> We are trying to make passwords on LEDE a tiny bit more secure by refusing weak or short (read: less than 6 characters) passwords.
>
> Please see related discussion over here, where the inconsistencies were discovered:
> https://github.com/openwrt/luci/pull/878
Note that busybox does not just enforce length. It evaluates the pw
complexity based on several rules and e.g. the actual allowed minimum length
would vary between 6-14 depending e.g. on the mix of character types (A, a,
1, #) used in the pw.
https://git.busybox.net/busybox/tree/libbb/obscure.c#n105
So the change is not quite trivial about just length.
More information about the Lede-dev
mailing list