https://gitlab.synchro.net/main/sbbs/-/commit/a81e64575c9f30c0a3af0fd5
Modified Files:
src/sbbs3/str.cpp
Log Message:
Rework part of the "good password" checking algorithm
Require that a good password contain a sequence of unique characters
(not repeating, incrementing, or decrementing in ASCII code value) of at least half the configured minimum password length. By default, the minimum password length is 4 chars, so this means a sequence of at least 2 unique characters
is required. If the minimum password length is increased by the sysop, so is the minimum required unique sequence length. The "PasswordInvalid" text.dat string is printed when passwords are rejected by this criteria.
Previously, the following would be rejected by this portion of the algo,
this logic has been replaced by the above:
- all chars the same (would print the "PasswordInvalid" text.dat string)
- first 4 chars are incrementing ("PasswordObvious" string printed)
- first 4 chars are decrementing ("PasswordObvious" string printed)
but now, a password that starts with "1234" or "abcd" is fine so long as it's longer than that and contains the minimum unique sequence length. This will prevent SBBS from rejecting high quality (e.g. randomly generated or crypto-hashed) passwords that just happen to begin with an incrementing sequence of 4 digits or alpha-characters.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net