On Fri, Sep 06, 2013 at 11:30:30AM -0600, Stephen John Smoogen wrote:
I am all for 16+ character passwords, but what you get is qazwsxedcrfvtgb versus injureCarpRoast. And then you get a TON of backlash on how hard it is to create a 16 character password that they can remember. Doing our weaker Fedora password rules of 9->12] was enough for me to realize that the amount of pushback one gets from even 'security minded' people. My first question would be is the 8MB worth the pain of that OR would a better solution for ultra-small installations is a kickstart %post scriptlet which does the config that is needed to not have a cracklib installed (because any ultrasmall installation is going to need a lot of scriptlets).
What I was thinking was a 16-character configuration if the cracklib dict isn't installed or is small, and the current 8-character configuration otherwise. Maybe this is silly.