libmisc, man: Drop old check and advice for complex character sets in passwords
Add the relevant XKCD to the passwd(1) manual page. It already explains most of the rationale behind this patch. Add also reference to makepasswd(1), which is a good way to generate strong passwords. Personally, I commonly run `makepasswd --chars 64` to create my passwords, or 32 for passwords I need to type interactively often. The strength of a password is an exponential formula, where the base is the size of the character set, and the exponent is the length of the password. That already shows why long passwords of just lowercase letters are better than short Pa$sw0rdZ3. But an even more important point is that humans, when forced to use symbols in a password, are more likely to do trivial substitutions on simple passwords, which doesn't increase strength, and can instead give a false sense of strength, which is dangerous. Closes: <https://github.com/shadow-maint/shadow/issues/688> Link: <https://xkcd.com/936/> Cc: Mike Frysinger <vapier@gentoo.org> Signed-off-by: Alejandro Colomar <alx@kernel.org>
This commit is contained in:
Alejandro Colomar
committed by
Iker Pedrosa
Iker Pedrosa
parent
7078ed1e0b
commit
0c4fa6ee0a
@@ -75,57 +75,6 @@ static bool similar (/*@notnull@*/const char *old, /*@notnull@*/const char *new)
|
||||
return true;
|
||||
}
|
||||
|
||||
/*
|
||||
* a nice mix of characters.
|
||||
*/
|
||||
|
||||
static bool simple (unused const char *old, const char *new)
|
||||
{
|
||||
bool digits = false;
|
||||
bool uppers = false;
|
||||
bool lowers = false;
|
||||
bool others = false;
|
||||
int size;
|
||||
int i;
|
||||
|
||||
for (i = 0; '\0' != new[i]; i++) {
|
||||
if (isdigit (new[i])) {
|
||||
digits = true;
|
||||
} else if (isupper (new[i])) {
|
||||
uppers = true;
|
||||
} else if (islower (new[i])) {
|
||||
lowers = true;
|
||||
} else {
|
||||
others = true;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* The scam is this - a password of only one character type
|
||||
* must be 8 letters long. Two types, 7, and so on.
|
||||
*/
|
||||
|
||||
size = 9;
|
||||
if (digits) {
|
||||
size--;
|
||||
}
|
||||
if (uppers) {
|
||||
size--;
|
||||
}
|
||||
if (lowers) {
|
||||
size--;
|
||||
}
|
||||
if (others) {
|
||||
size--;
|
||||
}
|
||||
|
||||
if (size <= i) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
static char *str_lower (/*@returned@*/char *string)
|
||||
{
|
||||
char *cp;
|
||||
@@ -170,8 +119,6 @@ static /*@observer@*//*@null@*/const char *password_check (
|
||||
msg = _("case changes only");
|
||||
} else if (similar (oldmono, newmono)) {
|
||||
msg = _("too similar");
|
||||
} else if (simple (old, new)) {
|
||||
msg = _("too simple");
|
||||
} else if (strstr (wrapped, newmono) != NULL) {
|
||||
msg = _("rotated");
|
||||
} else {
|
||||
|
||||
Reference in New Issue
Block a user