Re: RFC: changes to default password strength checks in pam_unix

To: debian-devel@lists.debian.org
Subject: Re: RFC: changes to default password strength checks in pam_unix
From: "Thijs Kinkhorst" <thijs@debian.org>
Date: Mon, 3 Sep 2007 09:07:15 +0200 (CEST)
Message-id: <[🔎] 49468.82.215.34.9.1188803235.squirrel@wm.kinkhorst.nl>
In-reply-to: <[🔎] 20070903063759.GA32498@zoetekouw.net>
References: <[🔎] 20070902194736.GA10366@dario.dodds.net> <[🔎] 1188767092.12456.11.camel@dorfl.lan> <[🔎] 20070902213925.GD10366@dario.dodds.net> <[🔎] 20070903022931.GA5649@caradoc.them.org> <[🔎] 20070903050138.GR9479@kheops.homeunix.org> <[🔎] 20070903063759.GA32498@zoetekouw.net>

On Mon, September 3, 2007 08:37, Bas Zoetekouw wrote:
> And what's the rationale to change the minimum length to 8?  It won't
> help security, as people who pick weak passwords now, will still pick weak,
> but longer, passwords.

I agree with Bas here: I'm all for removing the Debian deviation from
upstream, so please go ahead with that, but raising it further is not
necessarily a useful thing to do. I can easily think of a 6-char password
that is a lot more difficult to guess than an 8 char one.

Thijs

Reply to:

Follow-Ups:
- Re: RFC: changes to default password strength checks in pam_unix
  - From: "Wesley J. Landaker" <wjl@icecavern.net>

References:
- RFC: changes to default password strength checks in pam_unix
  - From: Steve Langasek <vorlon@debian.org>
- Re: RFC: changes to default password strength checks in pam_unix
  - From: Lars Wirzenius <liw@iki.fi>
- Re: RFC: changes to default password strength checks in pam_unix
  - From: Steve Langasek <vorlon@debian.org>
- Re: RFC: changes to default password strength checks in pam_unix
  - From: Daniel Jacobowitz <dan@debian.org>
- Re: RFC: changes to default password strength checks in pam_unix
  - From: Christian Perrier <bubulle@debian.org>
- Re: RFC: changes to default password strength checks in pam_unix
  - From: Bas Zoetekouw <bas@debian.org>

Prev by Date: Re: RFC: changes to default password strength checks in pam_unix
Next by Date: Re: RFC: changes to default password strength checks in pam_unix
Previous by thread: Re: RFC: changes to default password strength checks in pam_unix
Next by thread: Re: RFC: changes to default password strength checks in pam_unix
Index(es):
- Date
- Thread