Index: user/busybox/defconfig
===================================================================
RCS file: /var/cvs/devel/hydra-system/uclinux-3.2.0/user/busybox/defconfig,v
retrieving revision 1.4
diff -u -b -r1.4 defconfig
--- user/busybox/defconfig	25 Jul 2006 18:32:18 -0000	1.4
+++ user/busybox/defconfig	13 May 2007 19:20:35 -0000
@@ -289,6 +289,7 @@
 #
 # CONFIG_FEATURE_SHADOWPASSWDS is not set
 # CONFIG_USE_BB_SHADOW is not set
+# CONFIG_PCI_PASSWORDS is not set
 
 #
 # Miscellaneous Utilities
Index: user/busybox/libbb/obscure.c
===================================================================
RCS file: /var/cvs/devel/hydra-system/uclinux-3.2.0/user/busybox/libbb/obscure.c,v
retrieving revision 1.1.1.1
diff -u -b -r1.1.1.1 obscure.c
--- user/busybox/libbb/obscure.c	20 Dec 2004 18:31:35 -0000	1.1.1.1
+++ user/busybox/libbb/obscure.c	13 May 2007 19:20:35 -0000
@@ -91,15 +91,28 @@
 
 	for (i = 0; (c = *newval++) != 0; i++) {
 		if (isdigit(c))
-			digits = c;
+            digits++;
 		else if (isupper(c))
-			uppers = c;
+            uppers++;
 		else if (islower(c))
-			lowers = c;
+            lowers++;
 		else
-			others = c;
+            others++;
 	}
-
+#ifdef CONFIG_PCI_PASSWORDS
+    /* check for PCI compliant passwords 
+    *  reference https://www.pcisecuritystandards.org/tech/download_the_pci_dss.htm
+    * 
+    * Password is a minumum of 7 characters long and has 
+    * at least one letter and one number
+    * 
+    */
+	 // printf("d=%d, u=%d, l=%d", digits, uppers, lowers);  
+    if (!(digits && uppers && lowers)) {
+        return 1; // wrong character set
+    }
+    size = 7;
+#else
 	/*
 	 * The scam is this - a password of only one character type
 	 * must be 8 letters long.  Two types, 7, and so on.
@@ -114,7 +127,7 @@
 		size--;
 	if (others)
 		size--;
-
+#endif
 	if (size <= i)
 		return 0;
 
@@ -140,7 +153,11 @@
 	if (strcmp(newval, old) == 0)
 		return "no change";
 	if (simple(newval))
+#ifdef CONFIG_PCI_PASSWORDS
+        return "not PCI compliant";
+#else
 		return "too simple";
+#endif
 
 	msg = NULL;
 	newmono = str_lower(bb_xstrdup(newval));
@@ -206,7 +223,9 @@
 	   8-char password and adding some random characters to it...
 	   Example: "password$%^&*123".  So check it again, this time
 	   truncated to the maximum length.  Idea from npasswd.  --marekm */
-
+    /* This is not an issue in uClibc 0.28. MD5 hash is used to generate
+    * the password and has an unlimited length
+    * 
 	maxlen = 8;
 	if (oldlen <= maxlen && newlen <= maxlen)
 		return NULL;
@@ -224,7 +243,7 @@
 	bzero(old1, oldlen);
 	free(new1);
 	free(old1);
-
+    */
 	return msg;
 }
 
Index: user/busybox/loginutils/Config.in
===================================================================
RCS file: /var/cvs/devel/hydra-system/uclinux-3.2.0/user/busybox/loginutils/Config.in,v
retrieving revision 1.1.1.1
diff -u -b -r1.1.1.1 Config.in
--- user/busybox/loginutils/Config.in	20 Dec 2004 18:31:35 -0000	1.1.1.1
+++ user/busybox/loginutils/Config.in	13 May 2007 19:20:35 -0000
@@ -138,6 +138,14 @@
 	  readable by root and thus the encrypted passwords are no longer
 	  publicly readable.
 
+config CONFIG_PCI_PASSWORDS
+    bool "Support for PCI compliant passwords"
+    default n
+    depends on CONFIG_ADDUSER || CONFIG_DELUSER || CONFIG_LOGIN || CONFIG_SU
+    help
+      If enabled, enforce PCI compliant passwords. Ref 
+      https://www.pcisecuritystandards.org/tech/download_the_pci_dss.htm
+
 config CONFIG_USE_BB_SHADOW
 	bool "  Use busybox shadow password functions"
 	default n
Index: user/busybox/loginutils/passwd.c
===================================================================
RCS file: /var/cvs/devel/hydra-system/uclinux-3.2.0/user/busybox/loginutils/passwd.c,v
retrieving revision 1.1.1.1
diff -u -b -r1.1.1.1 passwd.c
--- user/busybox/loginutils/passwd.c	20 Dec 2004 18:31:35 -0000	1.1.1.1
+++ user/busybox/loginutils/passwd.c	13 May 2007 19:20:35 -0000
@@ -324,6 +324,15 @@
 	char orig[200];
 	char pass[200];
 	time_t start, now;
+#ifdef CONFIG_PCI_PASSWORDS
+    char *prompt = "Enter the new password (minimum of 7 characters)\n"
+                      "It must use a combination of upper and lower case letters and numbers.\n"
+                      "Enter new password: ";
+#else
+    char *prompt = "Enter the new password (minimum of 5, maximum of 8 characters)\n"
+                      "Please use a combination of upper and lower case letters and numbers.\n"
+                      "Enter new password: ";
+#endif
 
 	if (!amroot && crypt_passwd[0]) {
 		if (!(clear = bb_askpass(0, "Old password:"))) {
@@ -350,9 +359,7 @@
 	} else {
 		orig[0] = '\0';
 	}
-	if (! (cp=bb_askpass(0, "Enter the new password (minimum of 5, maximum of 8 characters)\n"
-					  "Please use a combination of upper and lower case letters and numbers.\n"
-					  "Enter new password: ")))
+    if (! (cp=bb_askpass(0, prompt)))
 	{
 		bzero(orig, sizeof orig);
 		/* return -1; */