.. in accordance with current NIST recommendations [0]. It's 2024; so reasonable to expect an 8-character-password at the minimum.
[0] https://pages.nist.gov/800-63-4/sp800-63b.html#passwordver Signed-off-by: Christoph Heiss <c.he...@proxmox.com> --- Changes v1 -> v2: * rebased on latest master * added note about requirement in the UI proxmox-installer-common/src/lib.rs | 3 +++ proxmox-tui-installer/src/main.rs | 10 +++++++--- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/proxmox-installer-common/src/lib.rs b/proxmox-installer-common/src/lib.rs index 13acb89..3dc3bfb 100644 --- a/proxmox-installer-common/src/lib.rs +++ b/proxmox-installer-common/src/lib.rs @@ -17,3 +17,6 @@ pub const FIRST_BOOT_EXEC_NAME: &str = "proxmox-first-boot"; /// Maximum file size for the first-boot hook executable. pub const FIRST_BOOT_EXEC_MAX_SIZE: usize = 1024 * 1024; // 1 MiB + +/// Minimum length for the root password +pub const ROOT_PASSWORD_MIN_LENGTH: usize = 8; diff --git a/proxmox-tui-installer/src/main.rs b/proxmox-tui-installer/src/main.rs index 4385713..b33b6f7 100644 --- a/proxmox-tui-installer/src/main.rs +++ b/proxmox-tui-installer/src/main.rs @@ -20,6 +20,7 @@ use proxmox_installer_common::{ options::{email_validate, BootdiskOptions, NetworkOptions, TimezoneOptions}, setup::{installer_setup, LocaleInfo, ProxmoxProduct, RuntimeInfo, SetupInfo}, utils::Fqdn, + ROOT_PASSWORD_MIN_LENGTH, }; mod setup; @@ -422,7 +423,10 @@ fn password_dialog(siv: &mut Cursive) -> InstallerView { let options = &state.options.password; let inner = FormView::new() - .child("Root password", EditView::new().secret()) + .child( + "Root password [at least 8 characters]", + EditView::new().secret(), + ) .child("Confirm root password", EditView::new().secret()) .child( "Administrator email", @@ -447,8 +451,8 @@ fn password_dialog(siv: &mut Cursive) -> InstallerView { .get_value::<EditView, _>(2) .ok_or("failed to retrieve email")?; - if root_password.len() < 5 { - Err("password too short, must be at least 5 characters long".to_owned()) + if root_password.len() < ROOT_PASSWORD_MIN_LENGTH { + Err(format!("password too short, must be at least {ROOT_PASSWORD_MIN_LENGTH} characters long")) } else if root_password != confirm_password { Err("passwords do not match".to_owned()) } else if let Err(err) = email_validate(&email) { -- 2.47.0 _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
