On Mar 7, 2012, at 6:29 AM, Miloslav Trmač wrote:

> UNIX didn't have these defaults originally; they were added in the
> 90's only after real-world experience has shown that these policies
> are necessary (and they have been pretty much unchanged for the last
> 10-15 years, AFAIK).

It's a philosophical conversation that's probably out of scope for this list, but this amounts to baby sitting stupid people. The first thing such a person must accept as true, is that it's necessary to parent morons by second guessing their choices. I think that in and of itself is radically moronic. It says it's OK for complete strangers to hassle other people about their passwords, not even knowing the context.

It's a shake down, and it's how we've arrived at an INSANE password paradigm where we routinely can't choose long memorable passwords, and are instead often forced to choose short 12-15 character passwords that mandate a certain quantity of numerical and special characters. They're difficult to remember, ensuring it will be written down, likely in some unencrypted file, and actually increases the statistical likelihood of a compromise.

> (and FWIW, regarding the "hullop130" password, a quick grep shows that
> "hullo" is in the dictionary, and cracklib may have additional rules
> or ways to arrive at the password from a different dictionary word).

Ok so in other words, this is a 5 year old baby sitter and is marginally competent at the intended task from the outset. I get a time to crack between 101 seconds and 32000 years.

The computer in question is used only for testing. The single drive was wiped using the ATA ESE command before I started, so there literally is nothing useful on this computer, but setting the password was like getting sand in body orifices. I su'd to root and changed the password to hello, and now I feel much better.

Chris Murphy