Re: Bug#364526: debian-installer: Please implement a password-checking module



Masami Ichikawa wrote:
> +Template: passwd/chkpasswdstrength
> +Type: boolean
> +Default: true
> +_Description: : Reject weak passwords?
> + Please choose whether you want the entered passwords strength to be
> + checked and passwords found as 'weak' to be rejected. 
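Review bot: The `_Description:` line carries a stray second colon ("_Description: : Reject weak passwords?"), so the short description would start with ": "; drop the extra colon. In the long description, "the entered passwords strength" needs a possessive ("the entered password's strength"), "found as 'weak'" reads better as "found to be weak", and the last line ends with trailing whitespace.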

I'd suggest turning this around. Don't first ask whether to check
passwords. Just check them. If the password is weak, prompt y/n whether
to accept the weak password. The benefits are:

a. It's easier to decide whether a weak password should be accepted once
   you've actually entered it. It could even indicate what's wrong with
   the password in its message.
b. This avoids the extra question "most" of the time, assuming people
   often enter a strong password.
c. This should be reasonably non-annoying for testers, who tend to use
   weak passwords.

Also, it seems to me that it would be much better to use the existing
cracklib stuff for password strength checking rather than
re-implementing that. If it could be made into a small enough udeb..

-- 
see shy jo