public inbox for devel@edk2.groups.io
From: "V V, Pranav" <pranav.v.v@intel.com>
To: devel@edk2.groups.io
Cc: bhavana.s@intel.com, tabassum.yasmin@intel.com, "V V,
	Pranav" <pranav.v.v@intel.com>
Subject: [edk2-devel] [PATCH] REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4650
Date: Mon, 18 Mar 2024 17:35:48 +0530
Message-ID: <69b6a59caeb88ccbf06efc97790378ffda658c04.1710762059.git.pranav.v.v@intel.com>

IsPasswordStrong checks for password complexity requirements. It does bare minimum
checking for existence of uppercase, lowercase, numeral, and symbol. A password with repeating characters
would be an acceptable password, such as 1!Aaaaaa.

IsPasswordInHistory checks if the password hash of the password being entered matches the hash of the
previous 5 passwords.

Added a check to prevent each character from repeating more than twice consecutively.

Signed-off-by: V V Pranav <pranav.v.v@intel.com>
---
 .../UserAuthenticationDxeStrings.uni                         | 4 ++--
 .../UserAuthenticationDxeSmm/UserAuthenticationSmm.c         | 5 +++++
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationDxeStrings.uni b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationDxeStrings.uni
index 1e3a179677..8c4d8528ee 100644
--- a/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationDxeStrings.uni
+++ b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationDxeStrings.uni
@@ -19,8 +19,8 @@
                                        #language fr-FR "Password Management Form"
 #string STR_ADMIN_PASSWORD_PROMPT      #language en-US "Change Admin Password"
                                        #language fr-FR "Change Admin Password"
-#string STR_ADMIN_PASSWORD_HELP        #language en-US "Input old admin password if it was set, then you can change the password to a new one. After the change action, you may need input the new password when you enter UI. The new password must be between 8 and 32 chars include lowercase, uppercase alphabetic, number, and symbol. Input an empty password can clean old admin password, then no need input password to enter UI."
-                                       #language fr-FR "Input old admin password if it was set, then you can change the password to a new one. After the change action, you may need input the new password when you enter UI. The new password must be between 8 and 32 chars include lowercase, uppercase alphabetic, number, and symbol. Input an empty password can clean old admin password, then no need input password to enter UI."
+#string STR_ADMIN_PASSWORD_HELP        #language en-US "Input old admin password if it was set, then you can change the password to a new one. After the change action, you may need input the new password when you enter UI. The new password must be between 8 and 32 chars include lowercase, uppercase alphabetic, number, symbol and each character should not repeat more than twice consecutively. Input an empty password can clean old admin password, then no need input password to enter UI."
+                                       #language fr-FR "Input old admin password if it was set, then you can change the password to a new one. After the change action, you may need input the new password when you enter UI. The new password must be between 8 and 32 chars include lowercase, uppercase alphabetic, number, symbol and each character should not repeat more than twice consecutively. Input an empty password can clean old admin password, then no need input password to enter UI."
 #string STR_ADMIN_PASSWORD_STS_HELP    #language en-US "Current Admin Password status: Installed or Not Installed."
                                        #language fr-FR "Current Admin Password status: Installed or Not Installed."
 #string STR_ADMIN_PASSWORD_STS_PROMPT  #language en-US "Admin Password Status"
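Review bot: the new clause in STR_ADMIN_PASSWORD_HELP, "each character should not repeat more than twice consecutively", can be read as permitting three identical characters in a row (one occurrence plus two repeats), while the code change in UserAuthenticationSmm.c rejects any run of three. Wording such as "and must not contain the same character three or more times in a row" states the enforced rule unambiguously. The fr-FR entry is still a copy of the English sentence, so the new rule is not actually localized; that predates this patch, but the line is being touched here. Only the admin help string is visible in this hunk, so any other prompt or error string that describes the password rules should be checked for the same update.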
diff --git a/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.c b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.c
index 98f40c1812..d5e1488162 100644
--- a/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.c
+++ b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.c
@@ -362,6 +362,11 @@ IsPasswordStrong (
     } else {
       HasSymbol = TRUE;
     }
+    if ((Index+2) <= (PasswordSize - 1)) {
+      if (Password[Index] == Password[Index+1] && Password[Index+1] == Password[Index+2]) {
+        return FALSE;
+      }
+    }
   }
   if ((!HasLowerCase) || (!HasUpperCase) || (!HasNumber) || (!HasSymbol)) {
     return FALSE;
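Review bot: the bounds test `(Index+2) <= (PasswordSize - 1)` in the added block is clearer and avoids the subtraction if written as `(Index + 2) < PasswordSize`, and the two nested `if` statements can be merged into one condition. Whether `Password[Index+2]` may land on a terminator depends on whether PasswordSize counts it, which is not visible in this hunk; a comment stating that assumption would help. The comparison is an exact match, so a run such as "aAa" passes, which is worth stating in the function header comment together with the new rule, since that comment is not updated here. For EDK II coding style, binary operators need surrounding spaces (`Index + 2`, `Index + 1`), each comparison joined by `&&` should be parenthesized, and a blank line should separate the new `if` from the preceding closing brace.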
-- 
2.39.1.windows.1



View/Reply Online (#116868): https://edk2.groups.io/g/devel/message/116868