[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RFC: changes to default password strength checks in pam_unix

On Mon, September 3, 2007 08:37, Bas Zoetekouw wrote:
> And what's the rationale to change the minimum length to 8?  It won't
> help security, as people who pick weak passwords now, will still pick weak,
> but longer, passwords.

I agree with Bas here: I'm all for removing the Debian deviation from
upstream, so please go ahead with that, but raising it further is not
necessarily a useful thing to do. I can easily think of a 6-char password
that is a lot more difficult to guess than an 8 char one.


Reply to: