Message-ID: <20210204185400.GA26790@openwall.com>
Date: Thu, 4 Feb 2021 19:54:00 +0100
From: Solar Designer <solar@...nwall.com>
To: owl-dev@...ts.openwall.com
Subject: Re: pam_passwdqc policy description in new password prompt

On Fri, Jan 22, 2021 at 03:37:08PM +0100, Solar Designer wrote:
> OTOH, the changes in the wording are maybe to the better - the previous
> wording might have encouraged use of passwords of exactly those minimum
> lengths. Now we use wording "that consists of" and "containing", which
> implies it's at least OK for the password not to be limited to that. As
> a further improvement, I think we should change "that consists of" to
> "containing", too. So if we can, I'd like to see:
>
> ---
> A valid password should be a mix of upper and lower case letters,
> digits, and other characters. You can use a password containing
> 8 characters from at least 3 of these 4 classes, or a password
> containing 7 characters from all the classes.
>
> An upper case letter that begins the password and a digit that ends
> it do not count towards the number of character classes used.
> ---

BTW, related:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=835067
"libpam-passwdqc: improvements(?) to password prompting"

This is a patch against 1.3.0 that changes the wordings in some ways. I
didn't review it, but I think it's worth taking another look at when
revising the wording further.

Alexander
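
The minimums in the quoted prompt text, as an added C sketch that is not part of the original message and is not passwdqc's own code: it counts character classes and treats "containing N characters" as a lower bound, so longer passwords pass. It assumes only the single leading upper case letter or trailing digit is discounted (not the whole class) and covers none of passwdqc's other checks; count_classes and meets_prompt_policy are hypothetical names.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Number of character classes used, per the quoted prompt text:
 * a leading upper case letter and a trailing digit are not counted. */
int count_classes(const char *pw)
{
    size_t len = strlen(pw);
    int lower = 0, upper = 0, digit = 0, other = 0;

    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)pw[i];
        if (islower(c)) lower++;
        else if (isupper(c)) upper++;
        else if (isdigit(c)) digit++;
        else other++;   /* punctuation, spaces, non-ASCII bytes */
    }
    /* Assumption: only that one character is discounted, not its class. */
    if (len && isupper((unsigned char)pw[0])) upper--;
    if (len && isdigit((unsigned char)pw[len - 1])) digit--;

    return (lower > 0) + (upper > 0) + (digit > 0) + (other > 0);
}

/* 1 if the password meets the quoted minimums, else 0.
 * "Containing N characters" is read as "at least N". */
int meets_prompt_policy(const char *pw)
{
    size_t len = strlen(pw);
    int classes = count_classes(pw);

    return (len >= 8 && classes >= 3) || (len >= 7 && classes == 4);
}

int main(void)
{
    /* Constructed sample inputs, not taken from the thread. */
    const char *samples[] = { "Password1", "Passw0rd", "passWord1x",
                              "pA5$wrd", "pass-Word1x!" };

    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-14s classes=%d ok=%d\n", samples[i],
               count_classes(samples[i]), meets_prompt_policy(samples[i]));
    return 0;
}
```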