On Mon, Mar 9, 2015 at 4:53 PM, Björn Persson <Bjorn@rombobjörn.se> wrote: > Nico Kadel-Garcia wrote: >> I'm the guy that brought up the XKCD comic. > > I did it first. ;-) Sorry, I think it was adamw who referenced it on anaconda-devel@ over a month ago when this topic first came up. :-D And I referenced it again on security@ list when I pointed out Adam's correcthorse and correcthorsebatterystaple are accepted by Anaconda, while the XKCD "troubadour" password it railed against is accepted. Now, that's not the part that's Anaconda's fault. It's not even really libpwquality's fault per se because this is actually a difficult problem to score passwords. However, it's ironic that a now widely published passphrase, including two simple dictionary words, is permitted yet shouldn't be if we really care about this problem, while the actually bad password is permitted. Hence why I think the Anaconda change is utterly pointless, brings no meaningful security gain, for a lot of needless controversy. -- Chris Murphy -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
