Re: RFC: changes to default password strength checks in pam_unix
On Sun, Sep 02, 2007 at 02:39:25PM -0700, Steve Langasek wrote:
> On Mon, Sep 03, 2007 at 12:04:52AM +0300, Lars Wirzenius wrote:
> > su, 2007-09-02 kello 12:47 -0700, Steve Langasek kirjoitti:
> > > Does anyone else have a reasoned argument why Debian should have a weaker
> > > password length check than upstream (4 chars instead of 6)? If not, this
> > > will be changed in the next upload of pam.
> > What's the justification of not using a minimum password length of 8?
> Given modern processor power availability, I can't think of one;
How about modern brain availability? You'll just get a lot of annoyed
people changing it back; for example, makepasswd still uses a minimum
length of six.