Anaconda 22.17+ enforces "good" passwords

Hubert Kario hkario at redhat.com
Thu Feb 26 10:38:20 UTC 2015


On Wednesday 25 February 2015 14:24:37 Miloslav Trmač wrote:
> > I would consider the following to be good interaction:
> > 
> > For a password like: Troubadour1&
> > 
> > """
> > Your password failed a complexity check, estimated entropy: 17 bits,
> > password pattern detected: dictionary word with simple modifications
> > (capitalise, suffix-1, suffix-symbol). This system requires passwords
> > with at least 20 bits
> > of entropy.
> 
> That ends up saying “too bad, try something else” like we already do, except
> there are more scary words ☺  Showing the pattern that was detected does
> nothing to show _other_ patterns that will also not be allowed.

Well, every kind of rule that results in rejection can be summed up as "too 
bad, try something else".

The point of it is to teach users *not* to use "clever" tricks they have been 
using to get past password filters, like appending "1!" and capitalising the 
word to pass the "4 character classes" rule. These are the same tricks crackers 
have been using for decades now to guess the passwords.

And it does actually _show_ you what will be accepted right below: plain 
English words.

> > If nobody else is looking at your screen, you can use one of the following
> > random passwords:
> > red mist
> > second wanted degree
> > however ready respect using
> > """
> 
> Now this is a useful idea.  We should have this.  (The required
> never-ending nowhere-leading discussion about what the recommendations
> should look like notwithstanding.) Mirek

-- 
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
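As an added illustration of the interaction discussed in this thread (this is not code from the thread, from Anaconda, or from libpwquality), the sketch below detects the "dictionary word with simple modifications" shape, prices it in bits, and, on rejection, offers random passphrases built from the same dictionary. The 32-word list and the entropy pricing are constructed assumptions for an offline demo; with a real dictionary each word is worth far more bits, which is why the quoted suggestions get by with two or three words where this toy needs four.

```python
import math
import re
import secrets

# Constructed 32-word list for this example; a real checker would load a
# large system dictionary. Entropy figures below scale with its size.
WORDS = (
    "red", "mist", "second", "wanted", "degree", "however", "ready", "respect",
    "using", "troubadour", "castle", "river", "garden", "window", "silver",
    "honest", "planet", "forest", "marble", "candle", "yellow", "bridge",
    "copper", "velvet", "summer", "winter", "rocket", "pencil", "anchor",
    "button", "cactus", "dragon",
)
WORD_SET = frozenset(WORDS)
WORD_BITS = math.log2(len(WORDS))          # 5 bits per word with 32 words
SYMBOLS = "!@#$%^&*()-_=+[]{};:,.<>?/"
SYMBOL_BITS = math.log2(len(SYMBOLS))
DIGIT_BITS = math.log2(10)
MIN_BITS = 20.0                            # policy threshold used in the message

# Word, optional digit suffix, optional symbol suffix: the "clever trick" shape.
MODIFIED_WORD = re.compile(r"^([A-Za-z]+)(\d*)([%s]*)$" % re.escape(SYMBOLS))


def analyse(password):
    """Return (estimated_bits, description, modifications).

    Recognises two cheap-to-guess shapes: a dictionary word with simple
    modifications, and a passphrase of dictionary words. Anything else is
    priced as a uniform random string over the character classes it uses,
    which is generous to the user and is why real checkers have many more rules.
    """
    words = password.lower().split()
    if len(words) > 1 and all(w in WORD_SET for w in words):
        return len(words) * WORD_BITS, "passphrase of dictionary words", []

    m = MODIFIED_WORD.match(password)
    if m and m.group(1).lower() in WORD_SET:
        word, digits, symbols = m.groups()
        bits, mods = WORD_BITS, []
        if word[0].isupper() and word[1:].islower():
            bits += 1                       # one binary choice: capitalised or not
            mods.append("capitalise")
        elif not word.islower():
            bits += len(word)               # arbitrary per-letter case flips
            mods.append("mixed-case")
        if digits:
            bits += len(digits) * DIGIT_BITS
            mods.append("suffix-" + digits)
        if symbols:
            bits += len(symbols) * SYMBOL_BITS
            mods.append("suffix-symbol")
        return bits, "dictionary word with simple modifications", mods

    charset = 0
    if any(c.islower() for c in password):
        charset += 26
    if any(c.isupper() for c in password):
        charset += 26
    if any(c.isdigit() for c in password):
        charset += 10
    if any(not c.isalnum() for c in password):
        charset += len(SYMBOLS)
    return len(password) * math.log2(max(charset, 2)), "no known pattern", []


def generate_passphrase(min_bits=MIN_BITS):
    """Draw enough random dictionary words (CSPRNG) to clear the threshold."""
    count = math.ceil(min_bits / WORD_BITS)
    return " ".join(secrets.choice(WORDS) for _ in range(count))


def feedback(password, min_bits=MIN_BITS, suggestions=3):
    """Build the message the thread proposes: what was detected, what the
    policy requires, and concrete alternatives that would pass."""
    bits, desc, mods = analyse(password)
    if bits >= min_bits:
        return "Password accepted, estimated entropy: %.0f bits." % bits
    detail = desc + (" (%s)" % ", ".join(mods) if mods else "")
    lines = [
        "Your password failed a complexity check, estimated entropy: %.0f bits," % bits,
        "password pattern detected: %s." % detail,
        "This system requires passwords with at least %.0f bits of entropy." % min_bits,
        "If nobody else is looking at your screen, you can use one of the",
        "following random passwords:",
    ]
    lines += [generate_passphrase(min_bits) for _ in range(suggestions)]
    return "\n".join(lines)


if __name__ == "__main__":
    for candidate in ("Troubadour1&", "red mist", "however ready respect using"):
        print(repr(candidate))
        print(feedback(candidate))
        print()
```

The fallback branch deliberately over-estimates unknown strings; the point of the demo is the rejection message, which names the detected transformations ("capitalise, suffix-1, suffix-symbol") and then shows alternatives the same policy would accept, so the user learns what passes rather than guessing at the next trick.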