On Sun, Dec 09, 2018 at 09:14:38PM -0500, Ted Unangst wrote: > These patterns try to detect a1a1a1 style passwords. By making the regex a bit > more flexible we can just use one. Also now catches mMmMmM fwiw.
it will also catches any password composed of only letters and digits from 2 to 8 chars (need even numbers of chars). like: aRgh675P or 78Ytgs7A but I am unsure if it is bad or not. I think any password with only 8 chars is bad now. > Index: pwd_check.c > =================================================================== > RCS file: /cvs/src/usr.bin/passwd/pwd_check.c,v > retrieving revision 1.16 > diff -u -p -r1.16 pwd_check.c > --- pwd_check.c 21 Aug 2017 21:41:13 -0000 1.16 > +++ pwd_check.c 10 Dec 2018 02:09:51 -0000 > @@ -72,15 +72,10 @@ struct pattern patterns[] = { > "Please use a more complicated password." > }, > { > - "^([a-z][0-9]){1,4}$", > + "^([a-z0-9][a-z0-9]){1,4}$", > REG_EXTENDED|REG_NOSUB|REG_ICASE, > "Please use a more complicated password." > }, > - { > - "^([0-9][a-z]){1,4}$", > - REG_EXTENDED|REG_NOSUB|REG_ICASE, > - "Please use a more complicated password." > - } > }; > > int > -- Sebastien Marie