On 17 February 2017 at 11:42, danrl <m...@danrl.com> wrote: > We are trying to make passwords on LEDE a tiny bit more secure by refusing > weak or short (read: less than 6 characters) passwords. > > Please see related discussion over here, where the inconsistencies were > discovered: > https://github.com/openwrt/luci/pull/878 > > Here is what the patch changes in user experience: > > Router running an image NOT including the proposed patch: > > root@rtr:~# passwd > Changing password for root > New password: > Bad password: too short > Retype password: > passwd: password for root changed by root > > The password minimum length is not enforced for the root user, also weak > passwords are accepted for the root user despite showing a warning.
Just to add my personal opinion: I also don't like this ideas. I've plenty of routers just for testing LEDE I don't need any/complex passwords on. If this is really important feature for you, maybe try sending busybox patch for an option adding such restriction also for a root user. Then we could have our option enabling that busybox option. _______________________________________________ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev
