Re: Password diversity

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 2011-12-01 at 09:18 -0500, Adam M. Dutko wrote:
> 
> > I'll just keep the patch somewhere until we've decided
> > if it is worth applying or not.
> 
> I was not implying the patch isn't worthwhile or that we shouldn't
> apply it. I'm interested to hear feedback as to what you think would
> be a good solution and the reasoning behind your thoughts.

I am saying it, I am really pondering whether it is something we should
do (as I am not a security expert). I think we should but I do ponder
how strong.

At the moment in the patch I just check if there are more than 3
different characters in the whole chain. Meaning for a 20 characters
long password you would have:
26*25*(24^18) = 4.536446e+27 trials
(against 26^20 = 1.992815e+28)

> Where is the patch? Can you post it on ReviewBoard?
> (https://fedorahosted.org/reviewboard) and assign it to me please? Or
> can you stop by #fedora-admin and ping me with a link to it? My IRC
> nick is styluseater. Thank you. 

I simply put it there: http://fpaste.org/Hw9s/
I can add it to the reviewboard if needed.
(Actually in this version I check that there are at least 2 different
characters).

Pierre
_______________________________________________
infrastructure mailing list
infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/infrastructure



[Index of Archives]     [Fedora Development]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux