Anaconda 22.17+ enforces "good" passwords
Chris Murphy
lists at colorremedies.com
Tue Feb 24 16:24:36 UTC 2015
On Tue, Feb 24, 2015 at 9:10 AM, Hubert Kario <hkario at redhat.com> wrote:
> thing is, that even if it just comes up once that means that the attackers
> either use full publicly available word lists or not entirely trivial password
> modification rules ("trustno1" is on 1001th position in RockYou list)
>
> either means that a simple dictionary check won't protect against such
> opportunistic attackers
>
> note to self: get password list from honeypots
In the UI for setting a password, how does the guideline read for such
enforcement?
"Your password must contain at least 8 characters and must contain at
least one letter and one numeric or punctuation character" is
obviously not going to work.
--
Chris Murphy
More information about the security
mailing list