Bug 1267954 - Same password for root and disk encryption reported both as Good and Weak
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: anaconda
Version: 7.2
Hardware: Unspecified
OS: Unspecified
Priority: low
Severity: low
Target Milestone: rc
Assigned To: David Shea
QA Contact: Release Test Team

Reported: 2015-10-01 08:52 EDT by Alexander Todorov
Modified: 2016-01-29 11:46 EST

Doc Type: Bug Fix
Last Closed: 2016-01-29 11:46:47 EST
Type: Bug

Attachments
Disk encryption password (261.25 KB, image/png), 2015-10-01 08:53 EDT, Alexander Todorov
Root user password (94.06 KB, image/png), 2015-10-01 08:53 EDT, Alexander Todorov

Description Alexander Todorov 2015-10-01 08:52:51 EDT
Description of problem:

I have used the same password twice:

- for disk encryption where it was reported as weak
- for the root user where it was reported as good


Version-Release number of selected component (if applicable):
anaconda-21.48.22.53-1
Comment 1 Alexander Todorov 2015-10-01 08:53 EDT
Created attachment 1079093
Disk encryption password
Comment 2 Alexander Todorov 2015-10-01 08:53 EDT
Created attachment 1079094
Root user password
Comment 3 David Shea 2015-10-01 10:21:51 EDT
There are two differences in the way anaconda performs these two password checks:

1: for the root password check, anaconda overrides the minlen setting to 6. This should not matter here since the default is 8, and it looks like the password you are attempting to use has 9 characters.

2: for the root password check, anaconda passes the username parameter to the pwquality check function, since passwords that contain the username are considered weaker than those that do not, while the disk passphrase has no such concept to check against. Maybe your password contains the word "root"?
Comment 4 Tomas Mraz 2015-10-01 11:37:39 EDT
Actually, the change in the minlen setting modifies the calculation of the password score, so that is the reason for the difference.

Back to anaconda for consideration whether it wants to unify the minlen setting for both checks. I do not see this as a bug though.
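
The two checks from Comments 3 and 4, run side by side for one password. This is an added example, not anaconda's code and not part of the original thread; it assumes the Python bindings for libpwquality (module `pwquality`) are installed. The `settings_factory` parameter and the sample password are hypothetical, added only so the comparison can be exercised without the library.

```python
# Added example: compare the disk-passphrase check and the root-password check
# described in Comment 3 for the same password.

def check(password, minlen=None, username=None, settings_factory=None):
    """Return the pwquality score for one check.

    settings_factory is a hypothetical hook for testing; by default the real
    pwquality.PWQSettings class is used.
    """
    if settings_factory is None:
        import pwquality  # python bindings for libpwquality
        settings_factory = pwquality.PWQSettings
    settings = settings_factory()
    settings.read_config()        # load the system pwquality configuration
    if minlen is not None:
        settings.minlen = minlen  # root check overrides minlen (Comment 3, item 1)
    # check(password, old_password, username) returns the score and raises
    # an error if the password is rejected outright.
    return settings.check(password, None, username)


def compare(password, settings_factory=None):
    """Score one password the way each of the two checks would."""
    return {
        # Disk passphrase: configured minlen, no username to compare against.
        "disk": check(password, settings_factory=settings_factory),
        # Root password: minlen forced to 6 and the username passed in.
        "root": check(password, minlen=6, username="root",
                      settings_factory=settings_factory),
    }


if __name__ == "__main__":
    sample = "Plum-Kettle7"  # constructed sample password
    for name, score in compare(sample).items():
        print(name, score)
```

A lower minlen for the root check is the only settings difference, so differing scores for the same password match the explanation given in Comment 4.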
Comment 6 David Cantrell 2016-01-29 11:46:47 EST
Consensus is this is not a bug. If the password checking requirements need to change, that is a policy set by someone else. Ideally product management in the case of RHEL.
