[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RFC: changes to default password strength checks in pam_unix

On Sun, Sep 02, 2007 at 10:29:31PM -0400, Daniel Jacobowitz wrote:
> How about modern brain availability?  You'll just get a lot of annoyed
> people changing it back; for example, makepasswd still uses a minimum
> length of six.

And pwgen defaults to eight... the length recommended by IETF RFC
4086 section 7.1.1, taken from the US DoD recommendations
(superseding section 7.1 of RFC 1750, which was recommending the
same 8 byte length back in 1994, for perspective).
{ IRL(Jeremy_Stanley); PGP(9E8DFF2E4F5995F8FEADDC5829ABF7441FB84657);
SMTP(fungi@yuggoth.org); IRC(fungi@irc.yuggoth.org#ccl); ICQ(114362511);
AIM(dreadazathoth); YAHOO(crawlingchaoslabs); FINGER(fungi@yuggoth.org);
MUD(fungi@katarsis.mudpy.org:6669); WWW(http://fungi.yuggoth.org/); }

Reply to: