Hello, I think that passwords used in Syncthing should have some basic quality checking before being applied.
Currently it is quite easy to accidentally sync data to an untrusted node with a very weak password (e.g. a single lowercase character), which in some cases might be hard or impossible to undo (once you leak data, you cannot unleak it).
I think there should be 3 modes:
CARELESS: any password will do
MEDIUM: at least 8 characters, at least one numeric character, at least one letter
HIGH: at least 10 characters, at least one numeric, at least one lower case letter, at least one upper case letter, at least one special character
The user would be able to choose from these modes in the ADVANCED configuration menu, with MEDIUM being the default. It would be possible to configure a different mode separately for data encryption and for login to the web GUI.
So I can have e.g. Medium for data encryption and High for UI login.
That way, if people want to use something less than MEDIUM strength, they would need to go through all the red warnings and exclamation marks that are in the advanced config menu.
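
The three modes proposed above, written out as a checker in Go (an added example, not Syncthing's code and not part of the original post). The type and function names are hypothetical, and "special character" is assumed to mean any character that is neither a letter nor a digit.

```go
package main

import (
	"fmt"
	"unicode"
	"unicode/utf8"
)

// Mode names come from the post; every Go identifier here is hypothetical.
type Mode int

const (
	Careless Mode = iota
	Medium
	High
)

// Check returns the rules that pw fails under mode m (empty means accepted).
func Check(m Mode, pw string) (failed []string) {
	var digit, lower, upper, letter, special bool
	for _, r := range pw {
		digit = digit || unicode.IsDigit(r)
		lower = lower || unicode.IsLower(r)
		upper = upper || unicode.IsUpper(r)
		letter = letter || unicode.IsLetter(r) // also covers scripts without case
		special = special || !(unicode.IsLetter(r) || unicode.IsDigit(r)) // assumption
	}
	n := utf8.RuneCountInString(pw) // count characters, not bytes
	need := func(ok bool, rule string) {
		if !ok {
			failed = append(failed, rule)
		}
	}
	switch m {
	case Medium:
		need(n >= 8, "at least 8 characters")
		need(digit, "at least one numeric character")
		need(letter, "at least one letter")
	case High:
		need(n >= 10, "at least 10 characters")
		need(digit, "at least one numeric character")
		need(lower, "at least one lower case letter")
		need(upper, "at least one upper case letter")
		need(special, "at least one special character")
	}
	return failed
}

func main() { fmt.Println(Check(Medium, "a"), Check(High, "syncthing1")) }
```

Returning the list of failed rules rather than a boolean lets a GUI show exactly which requirement of the selected mode is unmet.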