Red Hat Bugzilla – Bug 53504
RFE: weak password check in installer
Last modified: 2007-04-18 12:37:00 EDT
(Security or Enhancement, not sure which this should be.)
The installer requests new passwords for the new root account. The
installer *should* offer feedback about weak dictionary attacks, just as
This step is the best step for new Linux users to realize that their
password choice matters. Many people set a root password at install, and
never check it with 'passwd' later, so they do not realize that the
password they chose is weak.
(Yes, I know, this may mean the installer has to load a dictionary. The
security gains outweigh the issue, in my opinion.)
At this step, there is a string field that says "Root passwords do not
match." or "Root password accepted." I suggest this should change to "Root
password chosen may be easily guessed." if the password is not strong enough.
i'm having problems installing redhat 7.1. I can't put a valid root password...
no matter what i write, nothing can help me....
I'm only trying to learn how to work with Linux, and kick windows!
Please help me...
PD: Tell me a valid password to put in this field... i'm only trying to learn.
firstname.lastname@example.org, here's snippet of the online help in the installer:
"Enter a password for the root account. The password must be at least six
characters in length. Confirm the password by re-entering the password in the
second entry field"
Are you still having problems?
ed, this is something we will consider.
i'm still having problems... no matter what wind of password i used, there is
always the same responde... 'root password do not match'...
i'm using Redhat linux 7.1 in spanish instalation... there is a dictionary
problem???? i used english words, combination of words, codes, numbers...
please help me... i'm only trying to understant linux...
jisagred, there should be no difference between the languages. In the root
password screen, you have to enter the root password twice, to make sure that
you didn't make a typo error. This is standard procedure for password setting
programs (it's done this way in Windows and other Unix operating systems). It
looks like you are somehow not typing the root password correctly. Since the
results of the two password entry boxes don't match, the install won't accept
the password. Does that help?
it doesn't work...
i download two times red hat linux 7.1.. from two different sites.. (expecting
a cd iso image error), but nones...
do you have and old password to put in this fields??? i tried too many
combinations.. password with 6 to 10 letters, numbers, combinations... and
jisagred, try typing in 'testtest' in all lowercase in both the password
windows. There's no reason for this not to work.
i will probe it later.. i can't use my pc right now...
i'll tell you...
thanks any way..
i install redHat linux 6.2 and i upgrade my installation to 7.1...
it works greats..
The online help text is pretty clear about the importance of the root password.
We have decided not to implement this feature at this time.
want to re-look at this for the next release? no one reads the text. :)