[Pkg-shadow-devel] Bug#386818: [passwd] Manpage suggests
insufficient password picking method
Simon Brandmair
sbrandmair at gmx.net
Sun Sep 10 12:24:33 UTC 2006
Package: passwd
Version: 1:4.0.18.1-1
Severity: wishlist
The manpage of passwd suggests following method to pick a password: "Your
password must be easily remembered so that you will not be forced to write it
on a piece of paper. This can be accomplished by appending two small words
together and separating each with a special character or digit. For example,
Pass%word."
This method is not very secure, since many passwords can only be 8 characters
long. Therefore, I can only use two short words with a combined maximum length
of 7 charaters (plus a special character). This leads to a limited number of
possible passwords. Such a password could be vunerable to lexical attacks.
I would suggest a this method: 'This can be accomplished by picking two
(longer) words, appending their first three characters together and separating
each with two special characters or digits. For example, pick "summer" and
"beach", your password could be "sum%9bea".'
More information about the Pkg-shadow-devel
mailing list