FESCO request to revert password confirmation change in F22

Chris Murphy lists at colorremedies.com
Mon Mar 9 23:16:09 UTC 2015

On Mon, Mar 9, 2015 at 4:53 PM, Björn Persson <Bjorn at rombobjörn.se> wrote:
> Nico Kadel-Garcia wrote:
>> I'm the guy that brought up the XKCD comic.
> I did it first. ;-)

Sorry, I think it was adamw who referenced it on anaconda-devel@ over
a month ago when this topic first came up. :-D And I referenced it
again on the security@ list when I pointed out Adam's correcthorse and
correcthorsebatterystaple are accepted by Anaconda, while the XKCD
"troubadour" password it railed against is accepted. Now, that's not
the part that's Anaconda's fault. It's not even really libpwquality's
fault per se because scoring passwords is actually a difficult
problem. However, it's ironic that a now widely published
passphrase, including two simple dictionary words, is permitted yet
shouldn't be if we really care about this problem, while the actually
bad password is permitted. Hence why I think the Anaconda change is
utterly pointless, brings no meaningful security gain, for a lot of
needless controversy.

Chris Murphy

