SAE-PK: Increment the minimum password length to 9
While this is not explicitly defined as the limit, lambda=8 (i.e., 9 characters with the added hyphen) is needed with Sec=5 to reach the minimum required resistance to preimage attacks, so use this as an implicit definition of the password length constraint. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Jouni Malinen
Jouni Malinen
parent
2c7b5a2c5f
commit
c85b39ec50
1 changed files with 5 additions and 4 deletions
|
|
@ -27,11 +27,12 @@ bool sae_pk_valid_password(const char *pw)
|
|||
{
|
||||
int pos;
|
||||
|
||||
/* Minimum password length for SAE-PK is not defined, but the automatic
|
||||
* password style determination is more reliable if at least one hyphen
|
||||
* is forced to be present in the password. */
|
||||
if (os_strlen(pw) < 6)
|
||||
if (os_strlen(pw) < 9) {
|
||||
/* Not long enough to meet the minimum required resistance to
|
||||
* preimage attacks, so do not consider this valid for SAE-PK.
|
||||
*/
|
||||
return false;
|
||||
}
|
||||
|
||||
for (pos = 0; pw[pos]; pos++) {
|
||||
if (pos && pos % 5 == 4) {
|
||||
|
|
|
|||
Loading…
Reference in a new issue