Red Hat Bugzilla – Bug 53504
RFE: weak password check in installer
Last modified: 2007-04-18 12:37:00 EDT
(Security or Enhancement, not sure which this should be.) The installer requests new passwords for the new root account. The installer *should* offer feedback about weak dictionary attacks, just as 'passwd' does. This step is the best step for new Linux users to realize that their password choice matters. Many people set a root password at install, and never check it with 'passwd' later, so they do not realize that the password they chose is weak. (Yes, I know, this may mean the installer has to load a dictionary. The security gains outweigh the issue, in my opinion.) At this step, there is a string field that says "Root passwords do not match." or "Root password accepted." I suggest this should change to "Root password chosen may be easily guessed." if the password is not strong enough.
i'm having problems installing redhat 7.1. I can't put a valid root password... no matter what i write, nothing can help me.... I'm only trying to learn how to work with Linux, and kick windows! Please help me... PD: Tell me a valid password to put in this field... i'm only trying to learn. Thanks Javier Sagredo
jisagred@yahoo.com, here's snippet of the online help in the installer: "Enter a password for the root account. The password must be at least six characters in length. Confirm the password by re-entering the password in the second entry field" Are you still having problems?
ed, this is something we will consider.
i'm still having problems... no matter what wind of password i used, there is always the same responde... 'root password do not match'... i'm using Redhat linux 7.1 in spanish instalation... there is a dictionary problem???? i used english words, combination of words, codes, numbers... nothing happen... please help me... i'm only trying to understant linux...
jisagred, there should be no difference between the languages. In the root password screen, you have to enter the root password twice, to make sure that you didn't make a typo error. This is standard procedure for password setting programs (it's done this way in Windows and other Unix operating systems). It looks like you are somehow not typing the root password correctly. Since the results of the two password entry boxes don't match, the install won't accept the password. Does that help?
nop... nones... it doesn't work... i download two times red hat linux 7.1.. from two different sites.. (expecting a cd iso image error), but nones... do you have and old password to put in this fields??? i tried too many combinations.. password with 6 to 10 letters, numbers, combinations... and nones... thanks.. Javier
jisagred, try typing in 'testtest' in all lowercase in both the password windows. There's no reason for this not to work.
thanks i will probe it later.. i can't use my pc right now... i'll tell you... Javier
thanks any way.. i install redHat linux 6.2 and i upgrade my installation to 7.1... it works greats.. Javier
The online help text is pretty clear about the importance of the root password. We have decided not to implement this feature at this time.
want to re-look at this for the next release? no one reads the text. :)