Re: Anaconda 22.17+ enforces "good" passwords

On Wednesday 25 February 2015 18:55:29 Chris Murphy wrote:
> On Wed, Feb 25, 2015 at 10:42 AM, Stephen John Smoogen <smooge@xxxxxxxxx> wrote:
> > However unless we can agree to some sort of measurement system then every
> > thing we 'impose' is going to be no better than throwing salt over our
> > shoulder and turning 3 times windershin.
> 
> Feynman's Freshman Class problem... I don't think this is well enough
> understood to put this in front of users. And by this, I mean,
> concepts like entropy or even a score.

That's why I proposed to also show a minimum entropy/score needed.

If I provide something that gets a score of 10 while the requirement is for 20, 
then I know that I need something much more complex.

On the other hand, if I get 19 and the requirement is for 20, I know I need 
just a simple modification to push it over the threshold.

Users already are rather familiar with password quality meters.

But the minimum entropy *depends directly* on rate limiting and password 
ageing settings.

> It also doesn't actively give advice in advance, it only disqualifies
> (or admonishes) after the fact, so it's negative (re)enforcement,
> rather than being positive. And I can't agree this is the right
> direction to go in.

What I had in mind, was that the password evaluation (and example passwords) 
is done after the user stops writing (0.5s of inactivity?) or moves to the 
re-entry field. So it's during the act, not after.

It's also rather hard to tell the user he can't have the password he or she 
likes before knowing it...
-- 
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic

Attachment: signature.asc
Description: This is a digitally signed message part.

--
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/security
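
An added worked example (not part of the original message and not Anaconda's code) for the point that the minimum entropy depends on rate limiting and password ageing, together with the score-versus-requirement feedback the message proposes. It assumes a uniformly chosen password, online guessing only, and scores expressed in bits; the function names and the `near_fraction` cut-off are hypothetical.

```python
import math

SECONDS_PER_DAY = 86400


def min_entropy_bits(guesses_per_second, max_age_days, max_success_probability):
    """Smallest whole number of bits that keeps an online guesser below
    max_success_probability over the lifetime of the password.

    Assumption: the password is chosen uniformly and rate limiting is the
    only bound on guessing (no offline attack on a stolen hash)."""
    total_guesses = guesses_per_second * max_age_days * SECONDS_PER_DAY
    # P(success) = total_guesses / 2**H <= p  ->  H >= log2(total_guesses / p)
    return math.ceil(math.log2(total_guesses / max_success_probability))


def meter_feedback(score_bits, required_bits, near_fraction=0.1):
    """Compare a meter score with the requirement and say how far off it is.

    near_fraction is a hypothetical cut-off: a gap of at most that share of
    the requirement is reported as needing only a small change."""
    gap = required_bits - score_bits
    if gap <= 0:
        return "ok"
    if gap <= required_bits * near_fraction:
        return f"almost: {gap} more needed, a small change is enough"
    return f"too weak: {gap} more needed, choose something much more complex"


if __name__ == "__main__":
    # Constructed policies: (label, guesses per second, maximum age in days)
    policies = [
        ("10 guesses/s, 90-day ageing", 10, 90),
        ("1 guess per 10 s, 90-day ageing", 0.1, 90),
        ("10 guesses/s, 10-year lifetime", 10, 3650),
    ]
    for label, rate, age in policies:
        bits = min_entropy_bits(rate, age, max_success_probability=1e-3)
        print(f"{label}: at least {bits} bits")
    print(meter_feedback(19, 20))
    print(meter_feedback(10, 20))
```
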
