On Tue, Feb 24, 2015 at 8:59 AM, Hubert Kario <hkario@xxxxxxxxxx> wrote: > On Tuesday 24 February 2015 08:53:04 Chris Murphy wrote: >> Half of these will be allowed with the current installer behavior: >> # pwscore >> apple:123456 >> 55 >> # pwscore >> apple:trustn01 >> 84 >> # pwscore >> bob:trustn01 >> 55 >> # pwscore >> bob:password >> 58 > > I think that Stephen meant: > for user name 'apple' the attacker tries 'apple', '123456', 'trustn01', etc. > for user name 'bob'... OK. > But yes, 'trustn01' is accepted, with score of 1 Anaconda's threshold is somewhere around 40-50. -- Chris Murphy -- security mailing list security@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/security
