Unable to set a permanent password #5915
Replies: 2 comments
-
I want to use rustdesk for personal devices without internet access and it is frustrating that I am forced to set complicated passwords that I won't remember instead of being advised but allowed to set what I want. Please consider removing the hard requirement for all of these to be green |
Beta Was this translation helpful? Give feedback.
-
Probably it would be better to make suggestions based on the strength of the password instead of forcing this or that character. |
Beta Was this translation helpful? Give feedback.
-
Bug Description
Unable to set a permanent password
How to Reproduce
Attempt to set a password, such as fa530f6ed15dff47f8a96158cde0a2cf
Expected Behavior
Awaiting password acceptance
Operating system(s) on local side and remote side
All
RustDesk Version(s) on local side and remote side
1.2.2
Screenshots
Additional Context
Password requirements are usually advisory in nature. But in this case the entropy of the password is quite high, so the requirements about capitalized characters have nothing to do with security.
You can verify this by inserting this password into reputable password cracking time calculation services. Even if the attacker knows that the password contains only lower case numbers and letters (and he doesn't), if the password is long enough, the entropy will be large enough to make the cracking time decades.
If you are really worried about some "minimum level of security", then I would like to point out that your system allows the password "Qw1Qw1Qw1" but does not allow the password "fa530f6ed15dff47f8a96158cde0a2cf", although obviously the first password has a low complexity even though it has different character types.
That's why I ask you to calculate the password complexity and not to rely on the presence or absence of any characters.
Beta Was this translation helpful? Give feedback.
All reactions