Re: RFC: changes to default password strength checks in pam_unix
On Mon, Sep 03, 2007 at 07:01:38AM +0200, Christian Perrier wrote:
> > > Given modern processor power availability, I can't think of one;
> > How about modern brain availability? You'll just get a lot of annoyed
> > people changing it back; for example, makepasswd still uses a minimum
> > length of six.
> My weak English makes me think your comment is rude. Please excuse
> me then if this is not.
I apologize if my meaning was unclear; it was not meant to be rude. I
think that looking at only the power of modern CPUs - how long it
takes to crack a password - misses the point. If you enforce longer
passwords than people are comfortable with, you get weaker passwords
(or poor password management practices). It's the humans that matter,
not the machines.