On 17.2.2017 12.42, danrl wrote:
We are trying to make passwords on LEDE a tiny bit more secure by refusing weak
or short (read: less than 6 characters) passwords.
Please see related discussion over here, where the inconsistencies were
discovered:
https://github.com/openwrt/luci/pull/878
Note that busybox does not just enforce length. It evaluates the pw
complexity based on several rules and e.g. the actual allowed minimum length
would vary between 6-14 depending e.g. on the mix of character types (A, a,
1, #) used in the pw.
https://git.busybox.net/busybox/tree/libbb/obscure.c#n105
So the change is not quite trivial about just length.
_______________________________________________
Lede-dev mailing list
Lede-dev@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/lede-dev
