Subject: Re: security/10206 - proposed solution (concept)
To: Nino Dehne <ndehne@gmail.com>
From: Elad Efrat <elad@NetBSD.org>
List: tech-security
Date: 08/19/2005 11:32:31
Nino Dehne wrote:

> How about the ability to specify a regex that the password must match?

This would take even another step towards making brute-force a whole lot
easier with JtR, for example.

My own way would be to simply enforce the length and use some
brute-force detection to prevent the attacks. If an admin doesn't look at
the logs, it doesn't matter if you have 2 or 2000 failed login
attempts...

-e.

-- 
Elad Efrat
PGP Key ID: 0x666EB914