Ubuntu
user-setup package

Installer does not check if password is strong enough

Bug #423775 reported by ShawnStarr on 2009-09-03

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	user-setup (Ubuntu)	Triaged	Wishlist	Unassigned

Bug Description

Wishlist: It surprises me that the Debian installer does not check if the user's password is strong enough. Given you can sudo to root using this password (effectively) it might make sense to check if the user should make a stronger one? They can of course override the notice if they wish.

Revision history for this message

ShawnStarr (shawn-starr) wrote on 2009-09-03:

I should note, the installer only checks length, not strength of password.

Revision history for this message

Colin Watson (cjwatson) wrote on 2009-09-03:

FWIW the security team said they were OK with this for the time being; the problem is essentially that (a) very few utilities are available at the point when we need to check this, e.g. not things like cracklib, (b) in the graphical installer, UI constraints require that the password strength be checked on the fly so it needs to be quick. Thus we ended up with the current compromise.

affects:	debian-installer (Ubuntu) → user-setup (Ubuntu)
Changed in user-setup (Ubuntu):
importance:	Undecided → Wishlist
status:	New → Triaged

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntuuser-setup package

Installer does not check if password is strong enough

Bug Description

Other bug subscribers

Remote bug watches

Ubuntu
user-setup package