Re: RFC: changes to default password strength checks in pam_unix
>> I agree with Bas here: I'm all for removing the Debian deviation from
>> upstream, so please go ahead with that, but raising it further is not
>> necessarily a useful thing to do. I can easily think of a 6-char password
>> that is a lot more difficult to guess than an 8 char one.
>
> Especially when the most common response I've seen to a system saying that a
> password is not long enough is to start adding easily guessable extension
> strings to the password the user already picked, NOT to sit back down and
> think up a better, intrinsically longer password:
that's what libpam-cracklib is for.
--
Bernd Zeimetz
<bernd@bzed.de> <http://bzed.de/>