|
Message-ID: <20210122143708.GA6218@openwall.com> Date: Fri, 22 Jan 2021 15:37:08 +0100 From: Solar Designer <solar@...nwall.com> To: owl-dev@...ts.openwall.com Subject: pam_passwdqc policy description in new password prompt Hi Dmitry, With introduction of i18n support in passwdqc 1.4.0, the auto-generated English description of the password policy changed. For the defaults, we previously had: --- A valid password should be a mix of upper and lower case letters, digits, and other characters. You can use an 8 character long password with characters from at least 3 of these 4 classes, or a 7 character long password containing characters from all the classes. An upper case letter that begins the password and a digit that ends it do not count towards the number of character classes used. --- Now we have: --- A valid password should be a mix of upper and lower case letters, digits, and other characters. You can use a password that consists of 8 characters from at least 3 of these 4 classes, or a password containing 7 characters from all the classes. An upper case letter that begins the password and a digit that ends it do not count towards the number of character classes used. --- (The description regarding passphrases remained the same, so I don't include it above.) I think it's wrong that we have an empty line after ", or" - in fact, I don't immediately see where that extra linefeed comes from, maybe it's somehow system-specific? The above is on Owl-current. Also, I think it's bad that the lines are now wrapped at inconsistent lengths. We should correct this if we can. OTOH, the changes in the wording are maybe to the better - the previous wording might have encouraged use of passwords of exactly those minimum lengths. Now we use wording "that consists of" and "containing", which implies it's at least OK for the password not to be limited to that. As a further improvement, I think we should change "that consists of" to "containing", too. So if we can, I'd like to see: --- A valid password should be a mix of upper and lower case letters, digits, and other characters. You can use a password containing 8 characters from at least 3 of these 4 classes, or a password containing 7 characters from all the classes. An upper case letter that begins the password and a digit that ends it do not count towards the number of character classes used. --- Can you or/and others at ALT make this change please, including the corresponding Russian translation update and its testing? The translation will also need to be updated for additions I am working on (adding pwqfilter related functionality for passwdqc 2.0, as I mentioned to you off-list). I don't know if this is better done as one update or as two separate ones (in which case we can also release a 1.4.1 with just the fixes). What do you suggest? Thanks, Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.