passphrase quality

mouring at etoh.eviladmin.org mouring at etoh.eviladmin.org
Sat Nov 17 08:58:54 EST 2001


On Fri, 16 Nov 2001, Peter W wrote:

> On Fri, Nov 16, 2001 at 09:41:07PM +0100, Tim McGarry wrote:
>
> > I'm having difficulty educating the users on the systems that I administer
> > to choose a sensible passphrase
>
> > I think some versions of PGP comment on passphrase quality, perhaps this
> > would be worth having in OpenSSH, maybe giving the user the oportunity to
> > try again if there phrase isn't good enough
>
> In many Linux-based operating environments, this is enforced via PAM and the
> pam_cracklib library. You might lok at that; I think it makes more sense to
> do the testing there than inside OpenSSH.
>
No.  ssh-keygen should never be pamifed. It is worthless to do so.

If we are going to enforce passphrase quality it should be for all OSes.
The world does not revolve around Linux.  No matter what the press may
think.

- Ben




More information about the openssh-unix-dev mailing list