Re: RFC: changes to default password strength checks in pam_unix

>> I agree with Bas here: I'm all for removing the Debian deviation from
>> upstream, so please go ahead with that, but raising it further is not
>> necessarily a useful thing to do. I can easily think of a 6-char password
>> that is a lot more difficult to guess than an 8 char one.
> Especially when the most common response I've seen to a system saying that a 
> password is not long enough is to start adding easily guessable extension 
> strings to the password the user already picked, NOT to sit back down and 
> think up a better, intrinsically longer password:

that's what libpam-cracklib is for.

Bernd Zeimetz
<bernd@bzed.de>                         <http://bzed.de/>