Bug 53504 - RFE: weak password check in installer
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: installer
Version: 7.1
Hardware: i386
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Brent Fox
QA Contact: Brock Organ
Reported: 2001-09-10 16:38 UTC by Ed Halley
Modified: 2007-04-18 16:37 UTC (History)
Last Closed: 2001-09-15 21:29:24 UTC

Description Ed Halley 2001-09-10 16:38:36 UTC
(Security or Enhancement, not sure which this should be.)

The installer requests new passwords for the new root account.  The
installer *should* offer feedback about weak dictionary attacks, just as
'passwd' does.

This step is the best step for new Linux users to realize that their
password choice matters.  Many people set a root password at install, and
never check it with 'passwd' later, so they do not realize that the
password they chose is weak.

(Yes, I know, this may mean the installer has to load a dictionary.  The
security gains outweigh the issue, in my opinion.)

At this step, there is a string field that says "Root passwords do not
match." or "Root password accepted."  I suggest this should change to "Root
password chosen may be easily guessed." if the password is not strong enough.
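
The status-field logic requested above, as an added example (not Red Hat installer code and not part of the original report). The word list is a constructed stand-in for a real dictionary, the normalisation rules and function names are assumptions, and the wording of the too-short message is hypothetical; the six-character minimum comes from the installer help text quoted in comment 2.

```python
# Added illustration, not Red Hat installer code. WORDS is a constructed
# stand-in for a real dictionary file loaded by the installer.
import re

WORDS = {"password", "redhat", "linux", "secret", "dragon", "letmein"}
MIN_LEN = 6  # minimum length stated in the installer's online help

# Undo common character substitutions before the dictionary lookup.
LEET = str.maketrans("013457@$!", "oleastasi")


def candidates(password):
    """Yield normalised forms of the password to compare with the word list."""
    base = password.lower()
    # Drop leading/trailing digits and punctuation ("redhat99" -> "redhat").
    stripped = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", base)
    for form in {base, stripped, base.translate(LEET), stripped.translate(LEET)}:
        yield form
        yield form[::-1]  # a reversed dictionary word is just as guessable


def is_guessable(password, words=WORDS):
    """True if any normalised form of the password is a dictionary word."""
    return any(form in words for form in candidates(password))


def root_password_status(first, second, words=WORDS):
    """Return the text for the installer's root password status field."""
    if first != second:
        return "Root passwords do not match."
    if len(first) < MIN_LEN:
        # Hypothetical wording; the report does not quote a message for this case.
        return "Root password must be at least six characters."
    if is_guessable(first, words):
        return "Root password chosen may be easily guessed."
    return "Root password accepted."
```

The warning is advisory in this form, matching the "may be easily guessed" wording: the caller decides whether to let the user continue.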

Comment 1 Need Real Name 2001-09-10 22:24:32 UTC
I'm having problems installing Red Hat 7.1. I can't put a valid root password...
no matter what I write, nothing can help me....

I'm only trying to learn how to work with Linux, and kick windows!

Please help me...

PS: Tell me a valid password to put in this field... I'm only trying to learn.

Thanks
Javier Sagredo

Comment 2 Brent Fox 2001-09-12 19:03:43 UTC
jisagred, here's a snippet of the online help in the installer:

"Enter a password for the root account. The password must be at least six
characters in length. Confirm the password by re-entering the password in the
second entry field"
Are you still having problems?



Comment 3 Brent Fox 2001-09-12 19:14:33 UTC
ed, this is something we will consider.

Comment 4 Need Real Name 2001-09-12 21:05:41 UTC
I'm still having problems... no matter what kind of password I used, there is
always the same response... 'root password do not match'...

I'm using Red Hat Linux 7.1 in Spanish installation... there is a dictionary
problem???? I used English words, combination of words, codes, numbers...
nothing happens...

please help me... I'm only trying to understand Linux...

Comment 5 Brent Fox 2001-09-13 21:09:53 UTC
jisagred, there should be no difference between the languages.  In the root
password screen, you have to enter the root password twice, to make sure that
you didn't make a typo error.  This is standard procedure for password setting
programs (it's done this way in Windows and other Unix operating systems).  It
looks like you are somehow not typing the root password correctly.  Since the
results of the two password entry boxes don't match, the install won't accept
the password.  Does that help?

Comment 6 Need Real Name 2001-09-13 21:57:28 UTC
nop... nones...

it doesn't work...

I downloaded Red Hat Linux 7.1 two times.. from two different sites.. (expecting
a CD ISO image error), but nones...

do you have an old password to put in these fields??? I tried too many
combinations.. password with 6 to 10 letters, numbers, combinations... and
nones...

thanks..
Javier


Comment 7 Brent Fox 2001-09-13 22:23:38 UTC
jisagred, try typing in 'testtest' in all lowercase in both the password
windows.  There's no reason for this not to work.

Comment 8 Need Real Name 2001-09-13 22:29:02 UTC
thanks

I will try it later.. I can't use my PC right now...

I'll tell you...

Javier

Comment 9 Need Real Name 2001-09-15 21:29:19 UTC
thanks anyway..

I installed Red Hat Linux 6.2 and I upgraded my installation to 7.1...

it works great..

Javier

Comment 10 Brent Fox 2001-10-23 18:27:45 UTC
The online help text is pretty clear about the importance of the root password.
We have decided not to implement this feature at this time.

Comment 11 Matthew Miller 2003-04-20 14:47:24 UTC
want to re-look at this for the next release? no one reads the text. :)

