On Wed, 2011-11-30 at 20:09 -0500, Adam M. Dutko wrote:
The more characters the better, the more complex the better, and the
less predictable the better.
Following this, then we should not enforce a minimum number of different
characters in the password, nor should we use a rainbow table to check
for existing/known password.
I guess it is all a matter of balance pros and cons but I cannot make my
mind on what is best ('aaaaaaaaaaaaaaaaaaaa' still seem to be a horrible
password to me).
I'll just keep the patch somewhere until we've decided if it is worth
applying or not.
Thanks,
Pierre