Chris Murphy <lists <at> colorremedies.com> writes: > If this is really an improvement in security, which it isn't because > an 8 character "good" password still has very low entropy, then it It depends - if the only concern is remote access, and there is a limit on the number of login attempts (either by number or rate, or both), and the attacker doesn't know the password hash, even 8 characters is pretty strong. And if local access is a concern, then anaconda should take other measures (requiring disk encryption or a bootloader password?) as well, to be consistent. (Personally I agree with you, as long as the user is informed that the password is weak, at that point they should be allowed to use it if they want.) -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
