[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RFC: changes to default password strength checks in pam_unix

> I apologize if my meaning was unclear; it was not meant to be rude.  I
> think that looking at only the power of modern CPUs - how long it
> takes to crack a password - misses the point.  If you enforce longer
> passwords than people are comfortable with, you get weaker passwords
> (or poor password management practices).  It's the humans that matter,
> not the machines.

OK, got the point. Sorry for the misunderstanding (I was thinking that
you were suggesting the original proposer of this enforcement to get a
better brain..:-)).

For sure, this point is to be considered and, definitely, this is what
I've personnally experienced in day to day life (user getting weak
passwords when the length is enforced). Despite this, I still
favor some enforcement on passwords and the legnth is part of the

I see this as a kind of "cultural" enforcement of the fact that
passwords are important stuff and seeing us (Debian, often seen as the
operating system of choice for hardcore geeks) being serious about
this is something that I would find correct policy.

Attachment: signature.asc
Description: Digital signature

Reply to: