On 02/12/2015 04:19 AM, Kamil Paral wrote:
On 02/05/2015 12:36 PM, Brian C. Lane wrote:
Next to impossible? Really? I've find it easy to come up with passwords
that work. We even report libpwquality's reason for any failures.
I tried it today with the images built for anaconda dnf test day [1]. The results are very much different, see below:
...
So, 3 of your 7 proposed passwords are not allowed in Anaconda.
All of these are also weak (8 characters randomly typed on the keyboard, containing an uppercase letter, a number and a special character):
mT5&sofj
lk6m*Afh
4muDb^pd
s@tYu9vb
... and I assume *everything else* based on this formula, according to my testing.
I wonder why is my experience so vastly different from yours?
I have encountered something similar with the Rawhide armv7 images.
Passwords that I used on F21-x86 installs and scoring moderate to good,
are all weak and not accepted. There is no way to say, 'use this
anyway'. as in the past.
Developing good password practices are important, but the attacks are
getting too good as well. The insantity of all of this result in people
writing down passwords. We all know this. Of course there is the
argument of protecting from remote attacks, as office attacks are these
days less frequent than the constant pounding of remote attacks.
Doesn't matter; the users will scream, come up with ONE password that
works and use it everywhere.
Minimally there needs to be a switch to use the 'old rules'. Where even
with this switch, the score of the password on the new rules is reported.
Check out:
http://cryptosmith.com/password-sanity/
this is old, but still true.
--
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test
