Steve Langasek wrote:
> My only concern with this function is that it would still treat (e.g.) two
> 128-character passwords with good randomization as too similar if they
> contained the same set of characters. Still, the proposed change is certainly
> a far sight better than what we currently have, and I don't know of a simple
> way to check if two passwords are too similar (or even a simple way to
> /define/ if they're too similar), so I'm not going to worry too much about it.
> :)

What still concerns me is that a password like:

thequickbrownfoxjumpsoverthelazydog

would be hard to replace, since this check would basically match most of any
conventional replacement.

Any ideas on that?

Cheers
Andrew
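
The concern raised in both messages, as an added example that is not part of the original thread or the project's code: it assumes the check counts how many characters of the new password also occur anywhere in the old one. The names shared_chars and too_similar, the one-half threshold and the sample passwords are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical check (assumed, not the project's code): count the characters
 * of new_pw that also occur anywhere in old_pw. */
static size_t shared_chars(const char *old_pw, const char *new_pw)
{
    bool seen[256] = { false };
    size_t shared = 0;

    for (const unsigned char *p = (const unsigned char *)old_pw; *p; p++)
        seen[*p] = true;
    for (const unsigned char *p = (const unsigned char *)new_pw; *p; p++)
        if (seen[*p])
            shared++;
    return shared;
}

/* Assumed threshold: reject when at least half of new_pw is drawn from
 * characters already present in old_pw. */
static bool too_similar(const char *old_pw, const char *new_pw)
{
    size_t len = strlen(new_pw);
    return len > 0 && shared_chars(old_pw, new_pw) * 2 >= len;
}

int main(void)
{
    /* Constructed sample passwords. */
    const char *pangram = "thequickbrownfoxjumpsoverthelazydog";
    const char *cases[][2] = {
        { pangram, "correcthorsebatterystaple" }, /* any lowercase phrase */
        { "k3Xq9ZpL", "Lp9Zq3kX" },               /* same set, reordered */
        { pangram, "7#41!9$2" },                  /* no shared characters */
    };

    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-26s -> %zu shared, %s\n", cases[i][1],
               shared_chars(cases[i][0], cases[i][1]),
               too_similar(cases[i][0], cases[i][1]) ? "rejected" : "accepted");
    return 0;
}
```

Because the pangram holds every lowercase letter, any all-lowercase replacement is rejected under this assumption regardless of its length or ordering.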