[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RFC: changes to default password strength checks in pam_unix

Hi Christian!

You wrote:

> I don't really understand the need for turning your comment this way,
> which indeed doesn't make your point clear, whether you agree or
> disagree with the idea of default enforcement of 8 characters length
> for passwords. 
> It seems you disagree, but don't really give a rationale for it except
> "some other programs we have in Debian default to 6 chars". Am I right?

And what's the rationale to change the minimum length to 8?  It won't
help security, as people who pick weak passwords now, will still pick
weak, but longer, passwords.  

Kind regards,
| Bas Zoetekouw              | GPG key: 0644fab7                     |
|----------------------------| Fingerprint: c1f5 f24c d514 3fec 8bf6 |
| bas@debian.org             |              a2b1 2bae e41f 0644 fab7 |

Reply to: