cracklib dicts size (and fedora password policy)
Matthew Miller
mattdm at mattdm.org
Fri Sep 6 17:56:07 UTC 2013
On Fri, Sep 06, 2013 at 11:30:30AM -0600, Stephen John Smoogen wrote:
> I am all for 16+ character passwords, but what you get is qazwsxedcrfvtgb
> versus injureCarpRoast. And then you get a TON of backlash on how hard it
> is to create a 16 character password that they can remember. Doing our
> weaker Fedora password rules of 9->12] was enough for me to realize that
> the amount of pushback one gets from even 'security minded' people. My
> first question would be is the 8MB worth the pain of that OR would a better
> solution for ultra-small installations is a kickstart %post scriptlet which
> does the config that is needed to not have a cracklib installed (because
> any ultrasmall installation is going to need a lot of scriptlets).
What I was thinking was a 16-character configuration if the cracklib dict
isn't installed or is small, and the current 8-character configuration
otherwise. Maybe this is silly.
--
Matthew Miller mattdm at mattdm.org <http://mattdm.org/>
More information about the security
mailing list