On Thu, 2011-12-01 at 09:18 -0500, Adam M. Dutko wrote: > > > I'll just keep the patch somewhere until we've decided > > if it is worth applying or not. > > I was not implying the patch isn't worthwhile or that we shouldn't > apply it. I'm interested to hear feedback as to what you think would > be a good solution and the reasoning behind your thoughts. I am saying it, I am really pondering whether it is something we should do (as I am not a security expert). I think we should but I do ponder how strong. At the moment in the patch I just check if there are more than 3 different characters in the whole chain. Meaning for a 20 characters long password you would have: 26*25*(24^18) = 4.536446e+27 trials (against 26^20 = 1.992815e+28) > Where is the patch? Can you post it on ReviewBoard? > (https://fedorahosted.org/reviewboard) and assign it to me please? Or > can you stop by #fedora-admin and ping me with a link to it? My IRC > nick is styluseater. Thank you. I simply put it there: http://fpaste.org/Hw9s/ I can add it to the reviewboard if needed. (Actually in this version I check that there are at least 2 different characters). Pierre _______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/infrastructure
