Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

Nathan O. ndowens04 at
Thu Oct 13 18:34:45 UTC 2011

I think requiring a minium sized password that is pretty long, like maybe
15-20 or larger. The chance of somebody cracking those sized passwords would
be smaller. Also I know there was a previous issue about the Yubikey as part
of security. In my opinion requiring a 15-20 long password added with a
Yubikey would be something that would maybe lessen the chance. I currently
use Lasspass to create passwords, and my master password is a long password
and the password I get it to generate is also quite long.

On Thu, Oct 13, 2011 at 1:29 PM, Bernd Stramm <bernd.stramm at>wrote:

> On Thu, 13 Oct 2011 10:39:03 -0700
> Toshio Kuratomi <a.badger at> wrote:
> >...
> > So what are our admins to do?  1) We could ignore the issue.  We have
> > a lot of contributors.  Maybe we should just expect that some of
> > their accounts are going to be compromised.
> Not maybe. Certainly some of the accounts will be compromised.
> > 2) We could require
> > everyone to change keys.
> And some time after that, some accounts will be compromised again. Some
> of the same accounts as before, and some other accounts. Not maybe.
> Certainly, 100%.
> --
> Bernd Stramm
> bernd.stramm at
> --
> devel mailing list
> devel at
-------------- next part --------------
An HTML attachment was scrubbed...

More information about the devel mailing list