FESCO request to revert password confirmation change in F22
Chris Murphy
lists at colorremedies.com
Mon Mar 9 23:16:09 UTC 2015
On Mon, Mar 9, 2015 at 4:53 PM, Björn Persson <Bjorn at rombobjörn.se> wrote:
> Nico Kadel-Garcia wrote:
>> I'm the guy that brought up the XKCD comic.
>
> I did it first. ;-)
Sorry, I think it was adamw who referenced it on anaconda-devel@ over
a month ago when this topic first came up. :-D And I referenced it
again on security@ list when I pointed out Adam's correcthorse and
correcthorsebatterystaple are accepted by Anaconda, while the XKCD
"troubadour" password it railed against is accepted. Now, that's not
the part that's Anaconda's fault. It's not even really libpwquality's
fault per se because this is actually a difficult problem to score
passwords. However, it's ironic that a now widely published
passphrase, including two simple dictionary words, is permitted yet
shouldn't be if we really care about this problem, while the actually
bad password is permitted. Hence why I think the Anaconda change is
utterly pointless, brings no meaningful security gain, for a lot of
needless controversy.
--
Chris Murphy
More information about the devel
mailing list