From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id A45981FF16F for ; Fri, 29 Nov 2024 13:22:15 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 3C73B18312; Fri, 29 Nov 2024 13:22:04 +0100 (CET) From: Christoph Heiss To: pve-devel@lists.proxmox.com Date: Fri, 29 Nov 2024 13:21:09 +0100 Message-ID: <20241129122125.1494917-2-c.heiss@proxmox.com> X-Mailer: git-send-email 2.47.0 In-Reply-To: <20241129122125.1494917-1-c.heiss@proxmox.com> References: <20241129122125.1494917-1-c.heiss@proxmox.com> MIME-Version: 1.0 X-SPAM-LEVEL: Spam detection results: 0 AWL -0.123 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment POISEN_SPAM_PILL 0.1 Meta: its spam POISEN_SPAM_PILL_1 0.1 random spam to be learned in bayes POISEN_SPAM_PILL_3 0.1 random spam to be learned in bayes RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [nist.gov, whatwg.org, sys.pm] Subject: [pve-devel] [PATCH installer v2 1/5] proxinstall: raise minimum root password length to 8 characters X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox VE development discussion Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pve-devel-bounces@lists.proxmox.com Sender: "pve-devel" .. in accordance with current NIST recommendations [0]. It's 2024; so reasonable to expect an 8-character-password at the minimum. [0] https://pages.nist.gov/800-63-4/sp800-63b.html#passwordver Signed-off-by: Christoph Heiss --- Changes v1 -> v2: * rebased on latest master * adapted html templates Proxmox/Sys.pm | 5 +++++ html/pbs/passwd.htm | 2 +- html/pmg/passwd.htm | 2 +- html/pve/passwd.htm | 2 +- proxinstall | 7 +++++-- 5 files changed, 13 insertions(+), 5 deletions(-) diff --git a/Proxmox/Sys.pm b/Proxmox/Sys.pm index afc6780..b10deb7 100644 --- a/Proxmox/Sys.pm +++ b/Proxmox/Sys.pm @@ -7,3 +7,8 @@ use warnings; # https://html.spec.whatwg.org/multipage/input.html#valid-e-mail-address # Using that /should/ cover all possible cases that are encountered in the wild. our $EMAIL_RE = '^[a-zA-Z0-9.!#$%&\'*+/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$'; + +# Minimum password length for the root account. +# See also https://pages.nist.gov/800-63-4/sp800-63b.html#passwordver for the +# recommendation. +our $ROOT_PASSWORD_MIN_LENGTH = 8; diff --git a/html/pbs/passwd.htm b/html/pbs/passwd.htm index d331b28..f275a6f 100644 --- a/html/pbs/passwd.htm +++ b/html/pbs/passwd.htm @@ -27,7 +27,7 @@ Password: - Please use a strong password. It should be at least 8 characters long, + Please use a strong password. It must be at least 8 characters long, and contain a combination of letters, numbers, and symbols.

diff --git a/html/pmg/passwd.htm b/html/pmg/passwd.htm index 3e94480..32b74f9 100644 --- a/html/pmg/passwd.htm +++ b/html/pmg/passwd.htm @@ -27,7 +27,7 @@ Password: - Please use a strong password. It should have 8 or more characters. + Please use a strong password. It must have 8 or more characters. Also combine letters, numbers, and symbols.

diff --git a/html/pve/passwd.htm b/html/pve/passwd.htm index 1c7d2fc..b70e37c 100644 --- a/html/pve/passwd.htm +++ b/html/pve/passwd.htm @@ -27,7 +27,7 @@ Password: - Please use a strong password. It should be at least 8 characters long, + Please use a strong password. It must be at least 8 characters long, and contain a combination of letters, numbers, and symbols.

diff --git a/proxinstall b/proxinstall index 8168529..2c399d2 100755 --- a/proxinstall +++ b/proxinstall @@ -721,8 +721,11 @@ sub create_password_view { my $t1 = $pwe1->get_text; my $t2 = $pwe2->get_text; - if (length ($t1) < 5) { - Proxmox::UI::message("Password is too short."); + if (length ($t1) < $Proxmox::Sys::ROOT_PASSWORD_MIN_LENGTH) { + Proxmox::UI::message( + "Password too short, must be at least " . + "$Proxmox::Sys::ROOT_PASSWORD_MIN_LENGTH characters long" + ); $pwe1->grab_focus(); return; } -- 2.47.0 _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel