[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RFC: changes to default password strength checks in pam_unix

On Sun, Sep 02, 2007 at 02:39:25PM -0700, Steve Langasek wrote:
> On Mon, Sep 03, 2007 at 12:04:52AM +0300, Lars Wirzenius wrote:
> > su, 2007-09-02 kello 12:47 -0700, Steve Langasek kirjoitti:
> > > Does anyone else have a reasoned argument why Debian should have a weaker
> > > password length check than upstream (4 chars instead of 6)?  If not, this
> > > will be changed in the next upload of pam.
> 
> > What's the justification of not using a minimum password length of 8?
> 
> Given modern processor power availability, I can't think of one;

How about modern brain availability?  You'll just get a lot of annoyed
people changing it back; for example, makepasswd still uses a minimum
length of six.

-- 
Daniel Jacobowitz
CodeSourcery
Reply to: