[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RFC: changes to default password strength checks in pam_unix

On Mon, Sep 03, 2007 at 07:01:38AM +0200, Christian Perrier wrote:
> > > Given modern processor power availability, I can't think of one;
> > 
> > How about modern brain availability?  You'll just get a lot of annoyed
> > people changing it back; for example, makepasswd still uses a minimum
> > length of six.
> 
> 
> My weak English makes me think your comment is rude. Please excuse
> me then if this is not.

I apologize if my meaning was unclear; it was not meant to be rude.  I
think that looking at only the power of modern CPUs - how long it
takes to crack a password - misses the point.  If you enforce longer
passwords than people are comfortable with, you get weaker passwords
(or poor password management practices).  It's the humans that matter,
not the machines.

-- 
Daniel Jacobowitz
CodeSourcery
Reply to: