On Sun, Dec 09, 2018 at 09:14:38PM -0500, Ted Unangst wrote:
> These patterns try to detect a1a1a1 style passwords. By making the regex a bit
> more flexible we can just use one. Also now catches mMmMmM fwiw.
it will also catches any password composed of only letters and digits
from 2 to 8 chars (need even numbers of chars).
like: aRgh675P or 78Ytgs7A
but I am unsure if it is bad or not. I think any password with only 8
chars is bad now.
> Index: pwd_check.c
> ===================================================================
> RCS file: /cvs/src/usr.bin/passwd/pwd_check.c,v
> retrieving revision 1.16
> diff -u -p -r1.16 pwd_check.c
> --- pwd_check.c 21 Aug 2017 21:41:13 -0000 1.16
> +++ pwd_check.c 10 Dec 2018 02:09:51 -0000
> @@ -72,15 +72,10 @@ struct pattern patterns[] = {
> "Please use a more complicated password."
> },
> {
> - "^([a-z][0-9]){1,4}$",
> + "^([a-z0-9][a-z0-9]){1,4}$",
> REG_EXTENDED|REG_NOSUB|REG_ICASE,
> "Please use a more complicated password."
> },
> - {
> - "^([0-9][a-z]){1,4}$",
> - REG_EXTENDED|REG_NOSUB|REG_ICASE,
> - "Please use a more complicated password."
> - }
> };
>
> int
>
--
Sebastien Marie
