Bug#364526: debian-installer: Please implement a password-checking module
The program code in the patch seems reasonable.
One thing I would like to see changed
is "password check" into "password strength check".
Op 16-06-2007 om 21:41 schreef Masami Ichikawa:
> Hello.
>
> I wrote a password checking feature, implemented as a shell script in function.sh.
a password strength checking feature
<snip what="header of patch"/>
> +# Returns a true value if password seems to be a safety.
# Return a true value if password seems to be strong enough
> +chkpasswd ()
chkpasswdstrength()
> +{
> + user=$1
> + passwd=$2
> +
> + user_len=`echo $user | wc -c`
> + passwd_len=`echo $passwd | wc -c`
> +
> + # password length should be bigger than four.
> + if test $passwd_len -lt 5; then
> + return 0
> + fi
> +
> + # password shouldn't be a login account.
> + if test "$user" = "$passwd"; then
> + return 0
> + fi
> +
> + # password shouldn't contain login account.
> + ret=`echo $passwd | grep -ci $user`
> + if test $ret = 1; then
> + if test $passwd_len -ge $user_len; then
???
That check doesn't look reasonable ...
> + return 0
> + fi
> + fi
> +
> +}
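Review bot: chkpasswd has no explicit `return` on the path where the password is accepted, so it falls off the end of the last `if` and returns 0 there too; since the weak-password paths also `return 0`, the callers' `then` branch runs for every password and every password is rejected. The accept path needs a distinct status, e.g. a final `return 1`, and the header comment should say which status means "weak". `wc -c` also counts the newline that `echo` appends, so `test $passwd_len -lt 5` lets a four-character password through although the comment asks for more than four; `${#passwd}` gives the length directly. The expansions in `echo $passwd` and `grep -ci $user` are unquoted and the login name is interpreted as a regular expression; `printf '%s\n' "$passwd" | grep -qiF -- "$user"` avoids word splitting, globbing and pattern interpretation, and an empty login name should be handled first because an empty pattern matches every password.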
> Index: debian/user-setup-udeb.templates
> ===================================================================
> --- debian/user-setup-udeb.templates (revision 47257)
> +++ debian/user-setup-udeb.templates (working copy)
> @@ -43,6 +43,12 @@
> Please enter the same root password again to verify that you have typed it
> correctly.
>
> +Template: passwd/chkpasswd
Template: passwd/chkpasswdstrength
> +Type: boolean
> +Default: false
> +_Description: : Check a password?
_Description: : Check password strength?
> + Safety password will make secure system.
Stronger password will make a more secure system.
> +
> Template: passwd/make-user
> Type: boolean
> Default: true
> @@ -110,6 +116,12 @@
> You entered an empty password, which is not allowed.
> Please choose a non-empty password.
>
> +Template: user-setup/chkpasswd-bad
Template: user-setup/chkpasswdstrength-bad
> +Type: error
> +_Description: The password does not seem safety.
+_Description: The password does not seem strong.
> + The password you entered is not look safety.
+ The password you entered is not a strong password.
> + Please mix the capital letter, the small letter, and numbers with the password.
+ Make a mix of capital letters, small letters AND numbers for the password.
> +
> Template: passwd/shadow
> Type: boolean
> Default: true
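Review bot: The error text of user-setup/chkpasswd-bad tells the user to mix capital letters, small letters and numbers, but the chkpasswd function quoted earlier in this patch only tests the length and whether the password contains the login name. A user who follows the advice can still be rejected, and one who ignores it can pass. Either describe the rules that are actually enforced, e.g. `The password must be longer than four characters and must not contain your login name.`, or add the character-class checks to the function.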
> Index: user-setup-ask
> ===================================================================
> --- user-setup-ask (revision 47257)
> +++ user-setup-ask (working copy)
> @@ -37,6 +37,8 @@
> db_input low passwd/shadow || true
> # Ask if root should be allowed to login.
> db_input medium passwd/root-login || true
> + # Ask if user wants to check a password
+ # Ask if user wants to check password strength
> + db_input low passwd/chkpasswd || true
+ db_input low passwd/chkpasswdstrength || true
> ;;
> 1)
> db_get passwd/root-login
> @@ -63,6 +65,9 @@
> # root password will be locked
> db_set passwd/root-password-again ""
> elif ! root_password; then
> + db_get passwd/chkpasswd || true
+ db_input low passwd/chkpasswdstrength || true
> + PW_CHK="$RET"
> +
> # First check whether the root password was preseeded crypted
> db_get passwd/root-password-crypted || true
> if ! test "$RET" ; then
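Review bot: `PW_CHK` is assigned only inside the `elif ! root_password` branch, yet the user-password hunk (`@@ -192,6 +207,19 @@`) tests it as well. When that branch is not taken (for instance the locked-root case indicated by the context comment just above it), `PW_CHK` appears to stay unset and the strength check on the user password is skipped silently, although in that setup the user password is the one guarding administrative access. Reading the answer once before the branch, e.g. `db_get passwd/chkpasswd || RET=false` followed by `PW_CHK="$RET"`, would also keep a failed `db_get` from leaving an arbitrary value in `RET`. The enclosing `case` arm starts and ends outside this hunk.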
> @@ -78,6 +83,16 @@
> STATE=0
> continue
> fi
> + if [ "$PW_CHK" = true ]; then
> + if `chkpasswd "root" "$ROOT_PW"`; then
> + db_fset user-setup/chkpasswd-bad seen false
+ db_fset user-setup/chkpasswdstrength-bad seen false
> + db_input critical user-setup/chkpasswd-bad
+ db_input critical user-setup/chkpasswdstrength-bad
> + db_fset passwd/root-password seen false
> + db_fset passwd/root-password-again seen false
> + STATE=0
> + continue
> + fi
> + fi
> db_get passwd/root-password-again
> if [ "$ROOT_PW" != "$RET" ]; then
> db_fset user-setup/password-mismatch seen false
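Review bot: The added `if` line wraps the chkpasswd call in backticks, which runs the function in a command substitution and then executes whatever it printed as a command; this only works as long as chkpasswd prints nothing. Call the function directly: `if chkpasswd "root" "$ROOT_PW"; then`. The same applies to the user-password hunk (`@@ -192,6 +207,19 @@`). This branch also leaves the rejected value stored in passwd/root-password, whereas the user branch clears both fields with `db_set ... ""`; clearing them here as well would keep the two paths consistent. The surrounding loop body extends outside the hunk.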
> @@ -192,6 +207,19 @@
> STATE=6
> continue
> fi
> + if [ "$PW_CHK" = true ]; then
> + if `chkpasswd "$USER" "$USER_PW"`; then
> + db_set passwd/user-password ""
> + db_set passwd/user-password-again ""
> + db_fset user-setup/chkpasswd-bad seen false
+ db_fset user-setup/chkpasswdstrength-bad seen false
> + db_input critical user-setup/chkpasswd-bad
+ db_input critical user-setup/chkpasswdstrength-bad
> + db_fset passwd/user-password seen false
> + db_fset passwd/user-password-again seen false
> + STATE=6
> + continue
> + fi
> + fi
> +
> fi
> fi
> ;;
Cheers
Geert Stappers
--
Here goes some Bruce Schneier quote, like
"security is not having long passwords"