>> I agree with Bas here: I'm all for removing the Debian deviation from >> upstream, so please go ahead with that, but raising it further is not >> necessarily a useful thing to do. I can easily think of a 6-char password >> that is a lot more difficult to guess than an 8 char one. > > Especially when the most common response I've seen to a system saying that a > password is not long enough is to start adding easily guessable extension > strings to the password the user already picked, NOT to sit back down and > think up a better, intrinsicly longer password:
that's what libpam-cracklib is for. -- Bernd Zeimetz <[EMAIL PROTECTED]> <http://bzed.de/> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
