On Thu, 17 Mar 2011 20:58:36 -0400 Ricky Zhou <ricky@xxxxxxxxxxxxxxxxx> wrote: > Hey, so we discussed in the meeting, FAS's password requirements are > currently very lax - just a minimum length of 8 characters. What do > we think the requirements should be changed to? > > One possible strength checker that I mentioned during the meeting was: > http://www.nongnu.org/python-crack/ > > This can use a dictionary to detect weak passwords. > > Thoughts? I think a bit of requirements could be good here. What are the requirements used by anaconda/passwd? Many fedora folks should be used to those. pam_cracklib defaults to 8 char I think (man pam_cracklib), but not sure on which other things it gates. - forbid the login in the password (either forward or backward) - 8 chars - at least 1 upper case - at least 1 special char Or the like. I think having some requirements is good... kevin
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/infrastructure
