Wan-Teh Chang wrote: > 2008/10/6 Kai Engert <[EMAIL PROTECTED]>: > >> Wan-Teh Chang wrote: >> >>> - The password must be at least seven characters long. >>> - The password must consist of characters from three or more character >>> classes (uppercase, lowercase, digits, etc.). >>> >>> >> NSS rejects abcDEF7 although it matches your above description. >> > > Sorry, I was too lazy to type the second requirement completely. > It should read: > > - The password must consist of characters from three or more > character classes. We define five character classes: digits (0-9), > ASCII lowercase letters, ASCII uppercase letters, ASCII > non-alphanumeric characters (such as space and punctuation > marks), and non-ASCII characters. If an ASCII uppercase letter > is the first character of the password, the uppercase letter is not > counted toward its character class. Similarly, if a digit is the > last character of the password, the digit is not counted toward > its character class. > > So the 7 at the end of abcDEF7 is not counted. If you try > 7abcDEF, it'll work. > > Wan-Teh > Hi Wan-Teh, thanks for the info.
Here is what I did using PSM in Firefox 3.0.3 on Fedora 8. I started Firefox with a new profile. Then I opened "Security Devices" dialog. I tried to enable the FIPS and I got "FIPS mode requires that you have a Master Password set for each security device. " message. SO, I initialize the password of 'Software security Device" to 'abcd1234'. Note that my password does not follow your FIPS requirements. Next, I enable the module for FIPS compliance and then I login to "internal key token". Everything works fine. No exception yet. Now, when I try to change the password with new value "wxyz1234" and I failed to do so. Only message is "Unable to change Master Password." Then I follow your instruction and use '12ABcd34' and it successfully changes the password. I guess that the problem is in documentation and the PSM GUI. The PSM GUI should have clearly stated the password policy requirement in the password change dialog window. Also, NSS should have enforced the FIPS password policy during the FIPS enablement. It should not have enabled the internal token for FIPS with non-complaint password. -- Subrata _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
