Re: RFC: changes to default password strength checks in pam_unix
On Mon, September 3, 2007 08:37, Bas Zoetekouw wrote:
> And what's the rationale to change the minimum length to 8? It won't
> help security, as people who pick weak passwords now, will still pick weak,
> but longer, passwords.
I agree with Bas here: I'm all for removing the Debian deviation from
upstream, so please go ahead with that, but raising it further is not
necessarily a useful thing to do. I can easily think of a 6-char password
that is a lot more difficult to guess than an 8 char one.