Anaconda 22.17+ enforces "good" passwords

Chris Murphy lists at colorremedies.com
Thu Feb 26 05:54:18 UTC 2015


On Wed, Feb 25, 2015 at 12:24 PM, Miloslav Trmač <mitr at redhat.com> wrote:

>> If nobody else is looking at your screen, you can use one of the following
>> random passwords:
>> red mist
>> second wanted degree
>> however ready respect using
>> """
>
> Now this is a useful idea.  We should have this.  (The required never-ending nowhere-leading discussion about what the recommendations should look like notwithstanding.)

OK well at least there's acknowledgement, at least on this list, that
there need to be visible recommendations in the UI rather than the
user given a text fail whale. I don't know if there's consensus on
this point.

What about a "pronounceable" password creator, one that explicitly
doesn't use dictionary words? Based on the aforementioned 2009
estimated cost to brute force attack passwords, it still looks like
passwords like "however ready respect using" can't possibly be all
that safe against a voluminous attack. If you want to go to all this
work building such a thing and translating it, why not help the user
create completely non-dictionary passphrases that have some chance of
being memorable by virtue of being pronounceable. Plus, the proposal
should be nonsense in any language, which seems less
Amero/Anglocentric.

anguleatimplesc
nitypeyrosentra
mideakeremicamo
spenhutendempis

And so on. I got these from Lastpass which lets me choose 'make
pronounceable' as an advanced option, and I can pick any length. The
argument against is that chances are the user has to write these down
at least temporarily until memorized. *shrug* But that could be true
for four word passphrases too.


Chris Murphy
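
The comparison raised in the message above, as an added example that is not part of the original post and not Lastpass's or Anaconda's code: a pronounceable non-dictionary generator drawing from the OS CSPRNG, with the entropy of its output next to that of a random word passphrase. The consonant/vowel alphabets, the function names and the 7776-word list size (the Diceware list size) are assumptions, and the entropy figures assume the attacker knows the generation scheme.

```python
import math
import secrets

# Assumed alphabets (not from the post): 16 consonants, 5 vowels.
CONSONANTS = "bdfghjklmnprstvz"
VOWELS = "aeiou"


def pronounceable(length: int = 15) -> str:
    """Alternate consonant/vowel, each letter drawn with the OS CSPRNG."""
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(
        secrets.choice(CONSONANTS if i % 2 == 0 else VOWELS)
        for i in range(length)
    )


def pronounceable_bits(length: int) -> float:
    """Entropy in bits of pronounceable(length) when the scheme is known."""
    n_cons = (length + 1) // 2  # even positions hold consonants
    n_vow = length // 2         # odd positions hold vowels
    return n_cons * math.log2(len(CONSONANTS)) + n_vow * math.log2(len(VOWELS))


def passphrase_bits(words: int, wordlist_size: int) -> float:
    """Entropy of `words` independent uniform picks from a word list."""
    return words * math.log2(wordlist_size)


def length_for_bits(target_bits: float) -> int:
    """Shortest pronounceable length whose entropy meets target_bits."""
    length = 1
    while pronounceable_bits(length) < target_bits:
        length += 1
    return length


if __name__ == "__main__":
    print(pronounceable(15), f"{pronounceable_bits(15):.1f} bits")
    # 7776 is an assumed word-list size (Diceware), not a figure from the post.
    four_words = passphrase_bits(4, 7776)
    print("4 random words:", f"{four_words:.1f} bits")
    print("pronounceable length matching 4 words:", length_for_bits(four_words))
```

Both figures hold only when every letter or word is chosen uniformly at random by the generator; a password the user picks or edits by hand does not reach them.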

