This service will be undergoing maintenance at 00:00 UTC, 2016-09-28. It is expected to last about 1 hours
Bug 53504 - RFE: weak password check in installer
RFE: weak password check in installer
Status: CLOSED WONTFIX
Product: Red Hat Linux
Classification: Retired
Component: installer (Show other bugs)
7.1
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Brent Fox
Brock Organ
: FutureFeature
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2001-09-10 12:38 EDT by Ed Halley
Modified: 2007-04-18 12:37 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-09-15 17:29:24 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Ed Halley 2001-09-10 12:38:36 EDT
(Security or Enhancement, not sure which this should be.)

The installer requests new passwords for the new root account.  The
installer  *should* offer feedback about weak dictionary attacks, just as
'passwd' does.

This step is the best step for new Linux users to realize that their
password choice matters.  Many people set a root password at install, and
never check it with 'passwd' later, so they do not realize that the
password they chose is weak.

(Yes, I know, this may mean the installer has to load a dictionary.  The
security gains outweigh the issue, in my opinion.)

At this step, there is a string field that says "Root passwords do not
match." or "Root password accepted."  I suggest this should change to "Root
password chosen may be easily guessed." if the password is not strong enough.
Comment 1 Need Real Name 2001-09-10 18:24:32 EDT
i'm having problems installing redhat 7.1. I can't put a valid root password... 
no matter what i write, nothing can help me....

I'm only trying to learn how to work with Linux, and kick windows!

Please help me...

PD: Tell me a valid password to put in this field... i'm only trying to learn.

Thanks
Javier Sagredo
Comment 2 Brent Fox 2001-09-12 15:03:43 EDT
jisagred@yahoo.com, here's snippet of the online help in the installer:

"Enter a password for the root account. The password must be at least six
characters in length. Confirm the password by re-entering the password in the
second entry field"
 Are you still having problems?

Comment 3 Brent Fox 2001-09-12 15:14:33 EDT
ed, this is something we will consider.
Comment 4 Need Real Name 2001-09-12 17:05:41 EDT
i'm still having problems... no matter what wind of password i used, there is 
always the same responde... 'root password do not match'...

i'm using Redhat linux 7.1 in spanish instalation... there is a dictionary 
problem???? i used english words, combination of words, codes, numbers... 
nothing happen...

please help me... i'm only trying to understant linux...
Comment 5 Brent Fox 2001-09-13 17:09:53 EDT
jisagred, there should be no difference between the languages.  In the root
password screen, you have to enter the root password twice, to make sure that
you didn't make a typo error.  This is standard procedure for password setting
programs (it's done this way in Windows and other Unix operating systems).  It
looks like you are somehow not typing the root password correctly.  Since the
results of the two password entry boxes don't match, the install won't accept
the password.  Does that help?
Comment 6 Need Real Name 2001-09-13 17:57:28 EDT
nop... nones...

it doesn't work...

i download two times red hat linux 7.1.. from two different sites.. (expecting 
a cd iso image error), but nones...

do you have and old password to put in this fields??? i tried too many 
combinations.. password with 6 to 10 letters, numbers, combinations... and 
nones...

thanks..
Javier
Comment 7 Brent Fox 2001-09-13 18:23:38 EDT
jisagred, try typing in 'testtest' in all lowercase in both the password
windows.  There's no reason for this not to work.
Comment 8 Need Real Name 2001-09-13 18:29:02 EDT
thanks

i will probe it later.. i can't use my pc right now...

i'll tell you...

Javier
Comment 9 Need Real Name 2001-09-15 17:29:19 EDT
thanks any way..

i install redHat linux 6.2 and i upgrade my installation to 7.1...

it works greats..

Javier
Comment 10 Brent Fox 2001-10-23 14:27:45 EDT
The online help text is pretty clear about the importance of the root password.
 We have decided not to implement this feature at this time.
Comment 11 Matthew Miller 2003-04-20 10:47:24 EDT
want to re-look at this for the next release? no one reads the text. :)

Note You need to log in before you can comment on or make changes to this bug.