Date: Fri, 22 Jan 2021 15:37:08 +0100
From: Solar Designer <solar@...nwall.com>
To: owl-dev@...ts.openwall.com
Subject: pam_passwdqc policy description in new password prompt

Hi Dmitry,

With introduction of i18n support in passwdqc 1.4.0, the auto-generated
English description of the password policy changed.  For the defaults,
we previously had:

---
A valid password should be a mix of upper and lower case letters,
digits, and other characters.  You can use an 8 character long
password with characters from at least 3 of these 4 classes, or
a 7 character long password containing characters from all the
classes.  An upper case letter that begins the password and a
digit that ends it do not count towards the number of character
classes used.
---

Now we have:

---
A valid password should be a mix of upper and lower case letters,
digits, and other characters.  You can use a password
that consists of 8 characters from at least 3 of these 4 classes, or

a password containing 7 characters from all the classes.
An upper case letter that begins the password and a
digit that ends it do not count towards the number of character
classes used.
---

(The description regarding passphrases remained the same, so I don't
include it above.)

I think it's wrong that we have an empty line after ", or" - in fact, I
don't immediately see where that extra linefeed comes from, maybe it's
somehow system-specific?  The above is on Owl-current.

Also, I think it's bad that the lines are now wrapped at inconsistent
lengths.  We should correct this if we can.

OTOH, the changes in the wording are maybe to the better - the previous
wording might have encouraged use of passwords of exactly those minimum
lengths.  Now we use wording "that consists of" and "containing", which
implies it's at least OK for the password not to be limited to that.  As
a further improvement, I think we should change "that consists of" to
"containing", too.  So if we can, I'd like to see:

---
A valid password should be a mix of upper and lower case letters,
digits, and other characters.  You can use a password containing
8 characters from at least 3 of these 4 classes, or a password
containing 7 characters from all the classes.

An upper case letter that begins the password and a digit that ends
it do not count towards the number of character classes used.
---

Can you or/and others at ALT make this change please, including the
corresponding Russian translation update and its testing?

The translation will also need to be updated for additions I am working
on (adding pwqfilter related functionality for passwdqc 2.0, as I
mentioned to you off-list).  I don't know if this is better done as one
update or as two separate ones (in which case we can also release a
1.4.1 with just the fixes).

What do you suggest?

Thanks,

Alexander
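The length and character-class rule that the prompt text above describes, as an added C example that is not part of the original message and is not passwdqc's own code. The function names are hypothetical, passphrases and passwdqc's other checks are left out, and counting non-ASCII bytes as "other characters" is an assumption.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Count the character classes used, as the prompt words it: an upper case
 * letter that begins the password and a digit that ends it do not count. */
static int count_classes(const char *pw)
{
    size_t len = strlen(pw), i;
    int digits = 0, lowers = 0, uppers = 0, others = 0;

    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)pw[i];
        if (isdigit(c)) digits++;
        else if (islower(c)) lowers++;
        else if (isupper(c)) uppers++;
        else others++; /* assumption: anything else is an "other character" */
    }
    if (len && isupper((unsigned char)pw[0])) uppers--;
    if (len && isdigit((unsigned char)pw[len - 1])) digits--;

    return (digits > 0) + (lowers > 0) + (uppers > 0) + (others > 0);
}

/* 1 if pw satisfies the default non-passphrase rule: at least 8 characters
 * from 3 of the 4 classes, or at least 7 characters from all 4 classes.
 * The lengths are minimums, which is what "containing" conveys. */
int meets_default_policy(const char *pw)
{
    size_t len = strlen(pw);
    int classes = count_classes(pw);

    return (classes >= 4 && len >= 7) || (classes >= 3 && len >= 8);
}

int main(void)
{
    /* Constructed sample inputs, not taken from the original message. */
    const char *samples[] = { "Password1", "aB3defgh", "aB3$efg", "Ab$defg1" };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-10s classes=%d ok=%d\n", samples[i],
               count_classes(samples[i]), meets_default_policy(samples[i]));
    return 0;
}
```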
