Subject: Re: bin/10206
To: Elad Efrat <>
From: Greg A. Woods <>
List: netbsd-bugs
Date: 09/23/2005 16:08:41
Content-Type: text/plain; charset=US-ASCII

At Wed, 14 Sep 2005 11:42:02 +0000 (UTC), wrote:
> Synopsis: of what use are even 128-byte passwords if people can still choose easily guessable ones?
> State-Changed-From-To: open->closed
> State-Changed-By:
> State-Changed-When: Wed, 14 Sep 2005 11:42:01 +0000
> State-Changed-Why:
> Recently added pw_policy(3) to address this issue.

Too bad it doesn't really address all of the underlying issues very well
at all.  In fact I'd have to say the current implementation is basically
a wet paper bag as opposed to what I provided originally.

Don't get me wrong -- I agree with and like the structure of your
solution, just not its very weak and incomplete set of options.

At the very least support for dictionaries must be added, and ideally
they should of course be compatible with those crack (or something as
good and as relevant) can generate.  This could very trivially be done
by also including libcrack, just as my original solution offered.

(conceptually libcrack also provides all the policy checks too, just not
in such as configurable a way, and personally I lean much more to the
Apple user interface goals when it comes to security -- the more
options, the worse it is by far)

> I'm glad we could celebrate a 5-year-anniversary for this PR before closing it.

Yeah, sigh.  Grrr...  0.5 :-)   :-/

						Greg A. Woods
						Planix, Inc.

<>     +1 416 489-5852 x122

Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit

Version: PGPfreeware 5.0i for non-commercial use
MessageID: J0enngkNMjIvCk+BfHMpI5QN/tDOLvSF