passphrase quality, ssh-keygen, cracklib
Peter W
peterw at usa.net
Sat Nov 17 09:53:45 EST 2001
On Fri, Nov 16, 2001 at 02:26:36PM -0800, Darren Moffat wrote:
> Having said that I agree with the comment ssh-keygen shouldn't be pamified,
> what you might want to do though is follow the pam model and have a
> pluggable set of rules that guide a user into choosing a good passphrase.
You're thinking something along the lines of allowing a compile-time option
to use cracklib if desired? For the reasons I already stated, I don't know
that a "picky" ssh-keygen (PAM-ified or not) should do any more than display
a warning & perhaps prompt for confirmation ("Are you sure you want to use
such a weak passphrase?").
-Peter