On Fri, Sep 06, 2013 at 03:08:54PM +0200, Tomas Mraz wrote: > The other option would be to fix the gzip support in cracklib to cache > the unpacked data somehow. However that would require to keep the > unpacked dictionary in RAM when cracklib is loaded, which is suboptimal > as well. Or we could make the cracklib-dicts optional somehow so it is > possible to install an ultra small cloud image without the dictionary at > all - I expect ultra small cloud image not needing password quality > checking at all. Yes, that's https://bugzilla.redhat.com/show_bug.cgi?id=865521 :) "Optional somehow" is easy -- make "cracklib-dicts-full" and "cracklib-dicts-small" and make them both provide "cracklib-dicts". (The small could consist of some list of N most common passwords, plus N most common words in N languages, where all of the Ns are chosen to keep the filesize to 100k or so.) Somewhat ironically, I bet we could compress that 100k without much of a performance hit, too. :) -- Matthew Miller ☁☁☁ Fedora Cloud Architect ☁☁☁ <mattdm@xxxxxxxxxxxxxxxxx> -- security mailing list security@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/security
