Heads up - Anaconda 22.17 will enforce 'good' passwords
Andre Robatino
robatino at fedoraproject.org
Fri Jan 30 01:27:01 UTC 2015
Chris Murphy <lists <at> colorremedies.com> writes:
> If this is really an improvement in security, which it isn't because
> an 8 character "good" password still has very low entropy, then it
It depends - if the only concern is remote access, and there is a limit on
the number of login attempts (either by number or rate, or both), and the
attacker doesn't know the password hash, even 8 characters is pretty strong.
And if local access is a concern, then anaconda should take other measures
(requiring disk encryption or a bootloader password?) as well, to be
consistent. (Personally I agree with you, as long as the user is informed
that the password is weak, at that point they should be allowed to use it if
they want.)
More information about the test
mailing list