Re: cracklib dicts size (and fedora password policy)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Sep 06, 2013 at 03:08:54PM +0200, Tomas Mraz wrote:
> The other option would be to fix the gzip support in cracklib to cache
> the unpacked data somehow. However that would require to keep the
> unpacked dictionary in RAM when cracklib is loaded, which is suboptimal
> as well. Or we could make the cracklib-dicts optional somehow so it is
> possible to install an ultra small cloud image without the dictionary at
> all - I expect ultra small cloud image not needing password quality
> checking at all.

Yes, that's https://bugzilla.redhat.com/show_bug.cgi?id=865521 :)

"Optional somehow" is easy -- make "cracklib-dicts-full" and
"cracklib-dicts-small" and make them both provide "cracklib-dicts".

(The small could consist of some list of N most common passwords, plus
N most common words in N languages, where all of the Ns are chosen to keep
the filesize to 100k or so.)

Somewhat ironically, I bet we could compress that 100k without much of a
performance hit, too. :)

-- 
Matthew Miller  ☁☁☁  Fedora Cloud Architect  ☁☁☁  <mattdm@xxxxxxxxxxxxxxxxx>
--
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/security





[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Coolkey]

  Powered by Linux