[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RFC: changes to default password strength checks in pam_unix

On Mon, Sep 03, 2007 at 07:01:38AM +0200, Christian Perrier wrote:
> > > Given modern processor power availability, I can't think of one;
> > 
> > How about modern brain availability?  You'll just get a lot of annoyed
> > people changing it back; for example, makepasswd still uses a minimum
> > length of six.
> My weak English makes me think your comment is rude. Please excuse
> me then if this is not.

I apologize if my meaning was unclear; it was not meant to be rude.  I
think that looking at only the power of modern CPUs - how long it
takes to crack a password - misses the point.  If you enforce longer
passwords than people are comfortable with, you get weaker passwords
(or poor password management practices).  It's the humans that matter,
not the machines.

Daniel Jacobowitz

Reply to: