
Re: RFC: changes to default password strength checks in pam_unix



Hi Christian!

You wrote:

> I don't really understand the need for turning your comment this way,
> which indeed doesn't make your point clear, whether you agree or
> disagree with the idea of default enforcement of 8 characters length
> for passwords. 
> 
> It seems you disagree, but don't really give a rationale for it except
> "some other programs we have in Debian default to 6 chars". Am I right?

And what's the rationale to change the minimum length to 8?  It won't
help security, as people who pick weak passwords now will still pick
weak, but longer, passwords.

-- 
Kind regards,
+--------------------------------------------------------------------+
| Bas Zoetekouw              | GPG key: 0644fab7                     |
|----------------------------| Fingerprint: c1f5 f24c d514 3fec 8bf6 |
| bas@debian.org             |              a2b1 2bae e41f 0644 fab7 |
+--------------------------------------------------------------------+ 


