Re: bin/10206: of what use are even 128-byte passwords if people can still choose easily guessable ones?

["Greg A. Woods" <woods%planix.ca@localhost>]

The following reply was made to PR bin/10206; it has been noted by GNATS.

From: "Greg A. Woods" <woods%planix.ca@localhost>
To: NetBSD GNATS <gnats-bugs%NetBSD.org@localhost>
Cc: 
Subject: Re: bin/10206: of what use are even 128-byte passwords if people can  
still choose easily guessable ones?
Date: Wed, 18 Nov 2009 21:45:57 -0500

 --pgp-sign-Multipart_Wed_Nov_18_21:45:54_2009-1
 Content-Type: text/plain; charset=US-ASCII
 Content-Transfer-Encoding: quoted-printable
 
 At Wed, 18 Nov 2009 17:35:02 +0000 (UTC), Matthias Drochner <M.Drochner@fz-=
 juelich.de> wrote:
 Subject: Re: bin/10206: of what use are even 128-byte passwords if people c=
 an  still choose easily guessable ones?
 >=20
 >  Just for the record: There is a PAM module in
 >  pkgsrc/security/pam-passwdqc which does password
 >  strength checking.
 
 It doesn't seem to be any better than the unused and unusable and
 incompletely documented code that was thrown haphazardly into NetBSD as
 pw_policy(3).
 
 It's also PAM specific, and I'm sure you know what I think about PAM.
 
 (that said, apparently it is usable on systems without PAM, but likely
 not usefully without proper integration)
 
 --=20
                                                Greg A. Woods
                                                Planix, Inc.
 
 <woods%planix.com@localhost>       +1 416 218 0099        
http://www.planix.com/
 
 --pgp-sign-Multipart_Wed_Nov_18_21:45:54_2009-1
 Content-Type: application/pgp-signature
 Content-Transfer-Encoding: 7bit
 
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.9 (NetBSD)
 
 iD8DBQBLBLFiZn1xt3i/9H8RAvvUAJ4kpnFEoogZ1I54SqCSLxNjQoCE9QCfXqPn
 gzIQk+0Z+A9BRK/cna3BUFo=
 =SWQm
 -----END PGP SIGNATURE-----
 
 --pgp-sign-Multipart_Wed_Nov_18_21:45:54_2009-1--