[pve-devel] [PATCH installer 2/3] tui: raise minimum root password length to 8 characters

Christoph Heiss c.heiss at proxmox.com
Mon Oct 7 11:22:16 CEST 2024 

.. in accordance with current NIST recommendations [0].

It's 2024; so reasonable to expect an 8-character-password at the
minimum.

[0] https://pages.nist.gov/800-63-4/sp800-63b.html#passwordver

Signed-off-by: Christoph Heiss <c.heiss at proxmox.com>
---
 proxmox-installer-common/src/lib.rs |  3 +++
 proxmox-tui-installer/src/main.rs   | 11 ++++++-----
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/proxmox-installer-common/src/lib.rs b/proxmox-installer-common/src/lib.rs
index 850e825..70dffab 100644
--- a/proxmox-installer-common/src/lib.rs
+++ b/proxmox-installer-common/src/lib.rs
@@ -4,3 +4,6 @@ pub mod setup;
 pub mod utils;
 
 pub const RUNTIME_DIR: &str = "/run/proxmox-installer";
+
+/// Minimum length for the root password
+pub const ROOT_PASSWORD_MIN_LENGTH: usize = 8;
diff --git a/proxmox-tui-installer/src/main.rs b/proxmox-tui-installer/src/main.rs
index 3fb87a7..c5befce 100644
--- a/proxmox-tui-installer/src/main.rs
+++ b/proxmox-tui-installer/src/main.rs
@@ -22,6 +22,7 @@ use proxmox_installer_common::{
     options::{BootdiskOptions, NetworkOptions, TimezoneOptions},
     setup::{installer_setup, LocaleInfo, ProxmoxProduct, RuntimeInfo, SetupInfo},
     utils::Fqdn,
+    ROOT_PASSWORD_MIN_LENGTH,
 };
 
 mod setup;
@@ -452,14 +453,14 @@ fn password_dialog(siv: &mut Cursive) -> InstallerView {
                     Regex::new(r"^[\w\+\-\~]+(\.[\w\+\-\~]+)*@[a-zA-Z0-9\-]+(\.[a-zA-Z0-9\-]+)*$")
                         .unwrap();
 
-                if root_password.len() < 5 {
-                    Err("password too short, must be at least 5 characters long")
+                if root_password.len() < ROOT_PASSWORD_MIN_LENGTH {
+                    Err(format!("password too short, must be at least {ROOT_PASSWORD_MIN_LENGTH} characters long"))
                 } else if root_password != confirm_password {
-                    Err("passwords do not match")
+                    Err("passwords do not match".to_owned())
                 } else if email == "mail at example.invalid" {
-                    Err("invalid email address")
+                    Err("invalid email address".to_owned())
                 } else if !email_regex.is_match(&email) {
-                    Err("Email does not look like a valid address (user at domain.tld)")
+                    Err("Email does not look like a valid address (user at domain.tld)".to_owned())
                 } else {
                     Ok(PasswordOptions {
                         root_password,
-- 
2.46.0

More information about the pve-devel mailing list