Password diversity

Pierre-Yves Chibon pingou at pingoured.fr
Thu Dec 1 14:47:04 UTC 2011


On Thu, 2011-12-01 at 09:18 -0500, Adam M. Dutko wrote:
> 
> > I'll just keep the patch somewhere until we've decided
> > if it is worth applying or not.
> 
> I was not implying the patch isn't worthwhile or that we shouldn't
> apply it. I'm interested to hear feedback as to what you think would
> be a good solution and the reasoning behind your thoughts.

I am saying it, I am really pondering whether it is something we should
do (as I am not a security expert). I think we should but I do ponder
how strong.

At the moment in the patch I just check if there are more than 3
different characters in the whole chain. Meaning for a 20-character-long
password you would have:
26*25*(24^18) = 4.536446e+27 trials
(against 26^20 = 1.992815e+28)

> Where is the patch? Can you post it on ReviewBoard?
> (https://fedorahosted.org/reviewboard) and assign it to me please? Or
> can you stop by #fedora-admin and ping me with a link to it? My IRC
> nick is styluseater. Thank you. 

I simply put it there: http://fpaste.org/Hw9s/
I can add it to the reviewboard if needed.
(Actually in this version I check that there are at least 2 different
characters).

Pierre
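
An added example, not the patch linked in the message: a distinct-character check of the kind described above, with an exact count (by inclusion-exclusion) of how many passwords of a given length each threshold accepts. The function names and the 26-letter lowercase alphabet are assumptions made for illustration.

```python
from math import comb

ALPHABET_SIZE = 26  # assumption: lowercase letters only, as in the message's estimate


def passes_diversity(password: str, min_distinct: int) -> bool:
    """Accept the password only if it uses at least min_distinct different characters."""
    return len(set(password)) >= min_distinct


def count_exactly(length: int, k: int, alphabet: int = ALPHABET_SIZE) -> int:
    """Count strings of `length` symbols that use exactly k distinct symbols."""
    # Pick the k symbols, then count the ways to fill every position so that
    # each of the k symbols appears at least once (inclusion-exclusion).
    onto = sum((-1) ** j * comb(k, j) * (k - j) ** length for j in range(k + 1))
    return comb(alphabet, k) * onto


def count_accepted(length: int, min_distinct: int, alphabet: int = ALPHABET_SIZE) -> int:
    """Count strings of `length` symbols that the diversity check lets through."""
    rejected = sum(count_exactly(length, k, alphabet) for k in range(1, min_distinct))
    return alphabet ** length - rejected


def rejected_fraction(length: int, min_distinct: int, alphabet: int = ALPHABET_SIZE) -> float:
    """Share of the full search space that the check removes."""
    total = alphabet ** length
    return (total - count_accepted(length, min_distinct, alphabet)) / total


if __name__ == "__main__":
    # The two thresholds mentioned in the message: at least 2 distinct
    # characters, and more than 3 (that is, at least 4).
    for min_distinct in (2, 4):
        print(min_distinct,
              count_accepted(20, min_distinct),
              rejected_fraction(20, min_distinct))
```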

