cracklib dicts size (and fedora password policy)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The cracklib dicts in Fedora is 8.3M. (I'm sure some of this is my fault, as
I've added to it over the years.) The cracklib pam module supports a
compressed dictionary, but apparently it has a serious performance impact
(https://bugzilla.redhat.com/show_bug.cgi?id=1004896).

Meanwhile, in many systems today, local passwords are entirely unused.
Authentication is done via keys or by kerberos.

At the same time, we have an increased need for smaller systems. That 8MB
starts to be a meaningful fraction of a container or an ultra-small cloud
image.

I do recognize the value of protecting against dictionary-based attacks when
passwords are used. Maybe we could have a policy which requires _longer_
passwords but uses a much smaller dictionary?

-- 
Matthew Miller  ☁☁☁  Fedora Cloud Architect  ☁☁☁  <mattdm@xxxxxxxxxxxxxxxxx>
--
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/security





[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Coolkey]

  Powered by Linux