From: "V V, Pranav"
To: devel@edk2.groups.io
Cc: bhavana.s@intel.com, tabassum.yasmin@intel.com, "V V, Pranav"
Subject: [edk2-devel] [PATCH] REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4650
Date: Mon, 18 Mar 2024 17:35:48 +0530
Message-Id: <69b6a59caeb88ccbf06efc97790378ffda658c04.1710762059.git.pranav.v.v@intel.com>

IsPasswordStrong checks for password complexity requirements. It does bare minimal checking for existence of uppercase, lowercase, numeral, and symbol. A password with repeating characters would be an acceptable password, such as 1!Aaaaaa.
IsPasswordInHistory checks if the password hash of the password being entered matches the hash of the previous 5 passwords.

Added a check for preventing each character from repeating more than twice consecutively.

Signed-off-by: V V Pranav
---
 .../UserAuthenticationDxeStrings.uni                 | 4 ++--
 .../UserAuthenticationDxeSmm/UserAuthenticationSmm.c | 5 +++++
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationDxeStrings.uni b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationDxeStrings.uni index 1e3a179677..8c4d8528ee 100644 --- a/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationDxeStrings.uni +++ b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationDxeStrings.uni 
@@ -19,8 +19,8 @@ #language fr-FR "Password Management Form" #string STR_ADMIN_PASSWORD_PROMPT #language en-US "Change Admin Password" #language fr-FR "Change Admin Password" -#string STR_ADMIN_PASSWORD_HELP #language en-US "Input old admin password if it was set, then you can change the password to a new one. After the change action, you may need input the new password when you enter UI. The new password must be between 8 and 32 chars include lowercase, uppercase alphabetic, number, and symbol. Input an empty password can clean old admin password, then no need input password to enter UI." - #language fr-FR "Input old admin password if it was set, then you can change the password to a new one. After the change action, you may need input the new password when you enter UI. The new password must be between 8 and 32 chars include lowercase, uppercase alphabetic, number, and symbol. Input an empty password can clean old admin password, then no need input password to enter UI." +#string STR_ADMIN_PASSWORD_HELP #language en-US "Input old admin password if it was set, then you can change the password to a new one. After the change action, you may need input the new password when you enter UI. The new password must be between 8 and 32 chars include lowercase, uppercase alphabetic, number, symbol and each character should not repeat more than twice consecutively. Input an empty password can clean old admin password, then no need input password to enter UI." + #language fr-FR "Input old admin password if it was set, then you can change the password to a new one. After the change action, you may need input the new password when you enter UI. The new password must be between 8 and 32 chars include lowercase, uppercase alphabetic, number, symbol and each character should not repeat more than twice consecutively. Input an empty password can clean old admin password, then no need input password to enter UI." 
#string STR_ADMIN_PASSWORD_STS_HELP #language en-US "Current Admin Password status: Installed or Not Installed." #language fr-FR "Current Admin Password status: Installed or Not Installed." #string STR_ADMIN_PASSWORD_STS_PROMPT #language en-US "Admin Password Status" diff --git a/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.c b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.c index 98f40c1812..d5e1488162 100644 --- a/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.c +++ b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.c @@ -362,6 +362,11 @@ IsPasswordStrong ( } else { HasSymbol = TRUE; } + if ((Index+2) <= (PasswordSize - 1)) { + if (Password[Index] == Password[Index+1] && Password[Index+1] == Password[Index+2]) { + return FALSE; + } + } } if ((!HasLowerCase) || (!HasUpperCase) || (!HasNumber) || (!HasSymbol)) { return FALSE; -- 2.39.1.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#116868): https://edk2.groups.io/g/devel/message/116868 Mute This Topic: https://groups.io/mt/105014792/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=-
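Review bot: in the STR_ADMIN_PASSWORD_HELP hunk of UserAuthenticationDxeStrings.uni, the added clause "symbol and each character should not repeat more than twice consecutively" runs the new rule into the list of required character classes and says "should" where the code change in UserAuthenticationSmm.c rejects the password outright. Suggest closing the list first and stating it as a requirement, for example "... number, and symbol, and no character may repeat more than twice consecutively." The fr-FR entry remains a copy of the English text on both the removed and added lines, so the patch carries that forward rather than supplying a translation; worth saying so in the commit message.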
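Review bot: in the IsPasswordStrong hunk of UserAuthenticationSmm.c, the guard `(Index+2) <= (PasswordSize - 1)` depends on a subtraction that wraps if PasswordSize is an unsigned type and ever reaches this point as zero; `(Index + 2) < PasswordSize` is the same bound for any non-zero size and needs no subtraction. The two nested ifs can be a single condition, and EDK II style wants spaces around `+` and each comparison parenthesized: `(Password[Index] == Password[Index + 1]) && (Password[Index + 1] == Password[Index + 2])`. The comparison is on exact character values, so a run such as "aAa" passes while "aaa" is rejected; a one-line comment above the check stating that rule (three identical consecutive characters fail) would make the intent clear to the next reader.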