TigerVNC / tigervnc

High performance, multi-platform VNC client and server
https://tigervnc.org
GNU General Public License v2.0

vncpasswd add pwquality complexity rule check #1762

Open prownd opened 1 month ago

prownd commented 1 month ago

Add a password complexity strategy for VNC user authentication, enhance password quality verification checks, and enhance security.

Additionally, a Chinese translation has been added.

CendioOssman commented 1 month ago

Thank you for your contribution!

I'm concerned how well a pwquality will work for VNC passwords, given that they are limited to 8 characters. #370 would probably need to be implemented first. Otherwise the user might come up with a long and secure to keep pwquality happy, but overlook the fact that the actual used password is much shorter.

It should probably also just be a warning when pwquality fails, not an error, given that it is difficult to get a good password with so few characters.

prownd commented 1 month ago

Yes, due to the VNC protocol, the actual length of the VNC password used is 8 characters. The first version I modified did indeed limit the maximum length to 8 characters. However, considering that there has always been no limit on the maximum length when setting passwords, I removed the limit of 8 characters. According to your suggestion, when pwquality fails, there will only be an alarm prompt instead of terminating password setting.

prownd commented 1 month ago

> Thank you for your contribution!
>
> I'm concerned how well a pwquality will work for VNC passwords, given that they are limited to 8 characters. #370 would probably need to be implemented first. Otherwise the user might come up with a long and secure to keep pwquality happy, but overlook the fact that the actual used password is much shorter.
>
> It should probably also just be a warning when pwquality fails, not an error, given that it is difficult to get a good password with so few characters.

According to your opinion, when setting a password, add an 8-character limit. Can I modify and submit it again or not?

prownd commented 4 weeks ago

  1. Use libpwquality to check password quality and complexity, improving security. The validation rules for libpwquality are as follows:
    • The minimum password length is 6 and the maximum is 8
    • Password characters repeat once
    • At least 3 types of characters are required
  2. Add i18n internationalization support and Chinese localization translation.

@CendioOssman Could you please take a look and see if there is anything else that needs to be added?
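
The concern raised in this thread, as an added example that is not code from the pull request or from TigerVNC: the quality rules are applied to the 8 characters VNC actually uses rather than to what the user typed, and failures are reported as warnings only. `checkVncPassword`, `PasswordReport` and the sample passwords are hypothetical names and constructed inputs; only the length and character-class rules listed above are covered, characters are treated as single bytes, and libpwquality itself is not called.

```cpp
// Added illustration, not TigerVNC or pull-request code.
#include <cctype>
#include <cstddef>
#include <iostream>
#include <string>
#include <vector>

constexpr std::size_t kVncMaxLen = 8;  // only the first 8 characters are used
constexpr std::size_t kMinLen = 6;     // minimum length rule from the thread
constexpr int kMinClasses = 3;         // character-type rule from the thread

struct PasswordReport {                // hypothetical result type
    std::string effective;             // the part of the input VNC will use
    bool truncated = false;
    int classes = 0;
    std::vector<std::string> warnings; // advisory only, never a hard failure
};

// Count which of lower/upper/digit/other occur (assumes one byte per character).
static int countClasses(const std::string& s) {
    bool lower = false, upper = false, digit = false, other = false;
    for (unsigned char c : s) {
        if (std::islower(c)) lower = true;
        else if (std::isupper(c)) upper = true;
        else if (std::isdigit(c)) digit = true;
        else other = true;
    }
    return int(lower) + int(upper) + int(digit) + int(other);
}

// Judge the effective password, not the string the user typed.
PasswordReport checkVncPassword(const std::string& typed) {
    PasswordReport r;
    r.effective = typed.substr(0, kVncMaxLen);
    r.truncated = typed.size() > kVncMaxLen;
    r.classes = countClasses(r.effective);
    if (r.truncated)
        r.warnings.push_back("only the first 8 characters will be used");
    if (r.effective.size() < kMinLen)
        r.warnings.push_back("effective password is shorter than 6 characters");
    if (r.classes < kMinClasses)
        r.warnings.push_back("effective password has fewer than 3 character types");
    return r;
}

int main() {
    // Constructed input: long and varied as typed, weak once truncated.
    for (const auto& w : checkVncPassword("correcthorse-Battery-9!").warnings)
        std::cout << "warning: " << w << "\n";
    return 0;
}
```

The long sample passes a check on the full string but produces two warnings here, because its first 8 characters are all lowercase.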

prownd commented 1 week ago

@CendioOssman
I have made modifications according to your suggestions. Could you please review it to see if it is correct?

prownd commented 1 week ago

Could you please take a moment to review again? @CendioOssman