From: Jouni Malinen Date: Wed, 3 Jun 2020 22:36:50 +0000 (+0300) Subject: SAE-PK: Increment the minimum password length to 9 X-Git-Tag: hostap_2_10~1219 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c85b39ec503e331c1de9c9e26331da96615ed066;p=thirdparty%2Fhostap.git SAE-PK: Increment the minimum password length to 9 While this is not explicitly defined as the limit, lambda=8 (i.e., 9 characters with the added hyphen) is needed with Sec=5 to reach the minimum required resistance to preimage attacks, so use this as an implicit definition of the password length constraint. Signed-off-by: Jouni Malinen --- diff --git a/src/common/sae_pk.c b/src/common/sae_pk.c index 624557a4e..2469534b9 100644 --- a/src/common/sae_pk.c +++ b/src/common/sae_pk.c @@ -27,11 +27,12 @@ bool sae_pk_valid_password(const char *pw) { int pos; - /* Minimum password length for SAE-PK is not defined, but the automatic - * password style determination is more reliable if at least one hyphen - * is forced to be present in the password. */ - if (os_strlen(pw) < 6) + if (os_strlen(pw) < 9) { + /* Not long enough to meet the minimum required resistance to + * preimage attacks, so do not consider this valid for SAE-PK. + */ return false; + } for (pos = 0; pw[pos]; pos++) { if (pos && pos % 5 == 4) {
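Review bot: The literal 9 in `if (os_strlen(pw) < 9) {` is unexplained in the code itself: the new comment says the password is "not long enough" but the derivation (lambda=8, i.e., 9 characters with the added hyphen, needed with Sec=5) lives only in the commit message. Consider stating that derivation in the comment or giving the bound a named constant, so that a reader of sae_pk.c can tell where the value comes from and that it is an implicit limit rather than one defined explicitly. The comment could also say that the check is a fixed floor tied to Sec=5, since the comparison does not depend on any Sec value. Separately, the removed comment's rationale about forcing at least one hyphen for automatic password style determination is dropped entirely; if that property is still relied on, a one-line mention that the new minimum also guarantees it would preserve the reasoning.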