Also, I would think we should not allow for same characters
adjacent to each other. For ex, Say - "rep@rcuss1on" this would be hard but a brute force can still crack this.... (offline password crack using johntheripper recent rootkit.com exploit).

~Jose

On 20/03/2011 12:49 p.m., Kevin Fenzi wrote:
> On Thu, 17 Mar 2011 20:58:36 -0400
> Ricky Zhou <ricky@xxxxxxxxxxxxxxxxx> wrote:
>
>> Hey, so we discussed in the meeting, FAS's password requirements are
>> currently very lax - just a minimum length of 8 characters. What do we
>> think the requirements should be changed to?
>>
>> One possible strength checker that I mentioned during the meeting was:
>> http://www.nongnu.org/python-crack/
>> This can use a dictionary to detect weak passwords.
>>
>> Thoughts?
>
> I think a bit of requirements could be good here.
>
> What are the requirements used by anaconda/passwd?
> Many fedora folks should be used to those.
>
> pam_cracklib defaults to 8 char I think (man pam_cracklib), but not sure
> on which other things it gates.
>
> - forbid the login in the password (either forward or backward)
> - 8 chars
> - at least 1 upper case
> - at least 1 special char
>
> Or the like. I think having some requirements is good...
>
> kevin
>
> _______________________________________________
> infrastructure mailing list
> infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/infrastructure
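
The rules proposed in this thread (minimum length of 8, at least one upper-case and one special character, no login forward or backward, no identical adjacent characters, and a dictionary lookup) combined into one checker. This is an added example, not FAS code and not part of the original messages; the function name, rule labels, sample wordlist and substitution table are assumptions made for illustration.

```python
import string

# Constructed sample wordlist (assumption); a real deployment would load a
# cracklib-style dictionary instead.
SAMPLE_WORDS = {"password", "fedora", "infrastructure"}

# Assumed table of common character substitutions, undone before the lookup.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})

MIN_LENGTH = 8


def check_password(login, password, words=SAMPLE_WORDS):
    """Return the list of violated rules; an empty list means it passes."""
    problems = []
    lowered = password.lower()
    login_l = login.lower()

    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    if not any(c.isupper() for c in password):
        problems.append("no_upper")
    if not any(c in string.punctuation for c in password):
        problems.append("no_special")
    # The login must not appear in the password, forward or backward.
    if login_l and (login_l in lowered or login_l[::-1] in lowered):
        problems.append("contains_login")
    # Identical characters next to each other (case-sensitive comparison).
    if any(a == b for a, b in zip(password, password[1:])):
        problems.append("adjacent_repeat")
    # Dictionary lookup on the de-substituted, letters-only form.
    normalized = "".join(c for c in lowered.translate(LEET) if c.isalpha())
    if any(word in normalized for word in words):
        problems.append("dictionary_word")
    return problems


if __name__ == "__main__":
    # Constructed inputs; the first password is the one quoted in the thread.
    for login, pw in [("jose", "rep@rcuss1on"), ("kevin", "P@ssw0rd!"),
                      ("ricky", "Xykcir#9Tmq"), ("kevin", "Tr0ub4dor&3x")]:
        print(login, pw, check_password(login, pw) or "ok")
```

The password quoted in the thread fails two of the proposed rules (no upper-case letter, and the doubled "s"), while the fixed substitution table does not map it back to a dictionary word.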