[LEDE-DEV] [PATCH] utils/busybox: prevent weak root passwords
Rafał Miłecki
zajec5 at gmail.com
Thu Feb 23 12:40:00 PST 2017
On 17 February 2017 at 11:42, danrl <mail at danrl.com> wrote:
> We are trying to make passwords on LEDE a tiny bit more secure by refusing weak or short (read: less than 6 characters) passwords.
>
> Please see related discussion over here, where the inconsistencies were discovered:
> https://github.com/openwrt/luci/pull/878
>
> Here is what the patch changes in user experience:
>
> Router running an image NOT including the proposed patch:
>
> root@rtr:~# passwd
> Changing password for root
> New password:
> Bad password: too short
> Retype password:
> passwd: password for root changed by root
>
> The password minimum length is not enforced for the root user; also, weak passwords are accepted for the root user despite showing a warning.
Just to add my personal opinion: I also don't like this idea. I've
plenty of routers just for testing LEDE that I don't need any/complex
passwords on.
If this is a really important feature for you, maybe try sending a busybox
patch for an option adding such a restriction also for the root user. Then
we could have our option enabling that busybox option.