Hi devs,

We are trying to make passwords on LEDE a tiny bit more secure by refusing weak 
or short (read: less than 6 characters) passwords.

Please see related discussion over here, where the inconsistencies were 
discovered:
https://github.com/openwrt/luci/pull/878

Here is what the patch changes in user experience:

Router running an image NOT including the proposed patch:

  root@rtr:~# passwd
  Changing password for root
  New password: 
  Bad password: too short
  Retype password: 
  passwd: password for root changed by root

The password minimum length is not enforced for the root user. Also, weak 
passwords are accepted for the root user despite showing a warning.


Router running an image including the proposed patch:

  root@lede-dev:~# passwd
  Changing password for root
  New password: 
  Bad password: too short
  passwd: password for root is unchanged

It refuses to accept a password that is too short or considered weak.


Cheers,

Dan


This patches the busybox passwd source so that even root is not allowed to set
a weak (too short) password. This enables us to define a minimum password length
that is consistent over graphical interfaces (e.g. LuCI) and CLI.

Signed-off-by: Dan Luedtke <m...@danrl.com>

_______________________________________________
Lede-dev mailing list
Lede-dev@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/lede-dev
