SAE-PK: Increment the minimum password length to 9

While this is not explicitly defined as the limit, lambda=8 (i.e., 9
characters with the added hyphen) is needed with Sec=5 to reach the
minimum required resistance to preimage attacks, so use this as an
implicit definition of the password length constraint.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>

diff --git a/src/common/sae_pk.c b/src/common/sae_pk.c
index 624557a4efbbe7d4d0a8967c98a8c504a6853ee5..2469534b9cd2256cafa013a66be5d2775227f7d7 100644 (file)
--- a/src/common/sae_pk.c
+++ b/src/common/sae_pk.c
@@ -27,11 +27,12 @@ bool sae_pk_valid_password(const char *pw)
 {
        int pos;
 
-       /* Minimum password length for SAE-PK is not defined, but the automatic
-        * password style determination is more reliable if at least one hyphen
-        * is forced to be present in the password. */
-       if (os_strlen(pw) < 6)
+       if (os_strlen(pw) < 9) {
+                /* Not long enough to meet the minimum required resistance to
+                 * preimage attacks, so do not consider this valid for SAE-PK.
+                 */
                return false;
+       }
 
        for (pos = 0; pw[pos]; pos++) {
                if (pos && pos % 5 == 4) {