Originally Posted By: haertig

Yeah, who would have thought "password" was "medium" and "password123456" was "strong"? Thanks for verifying that, Microsoft!


Linux is not much better or could be worse. Running password12345 through cracklib-check gives it the "ok" as a password. Yet password123456 or password1234567 gives the result of too simplistic/systematic.

Similarly, 123aaabbb gets the ok from cracklib-check, but 1234aaabbb is too simplistic/systematic.

The design of cracklib-check heuristics can give a false sense of security to the user just like other password checkers/validation programs.
_________________________
Earth and sky, woods and fields, lakes and rivers, the mountain and the sea, are excellent schoolmasters, and teach some of us more than we can ever learn from books.

John Lubbock
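The inconsistency described in the post above, as an added example that is not part of the original thread: a length-and-character-class meter next to a check that normalizes the password first, so appending more digits cannot change the verdict. Both functions, the thresholds and the tiny denylist are assumptions constructed for illustration; neither is the algorithm used by Microsoft's checker or by cracklib-check.

```python
import re

# Constructed sample denylist (assumption); real deployments load a large
# list of breached or common passwords instead.
COMMON_BASES = {"password", "qwerty", "letmein", "admin", "welcome"}

# Common character substitutions mapped back to letters.
LEET = str.maketrans("@4310$5!7", "aaeiossit")


def naive_meter(pw):
    """Hypothetical meter that scores only length and character classes."""
    classes = sum([
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    ])
    score = classes + (len(pw) >= 8) + (len(pw) >= 12)
    return "strong" if score >= 3 else "medium" if score == 2 else "weak"


def base_word(pw):
    """Lowercase, strip digit/symbol padding from both ends, undo substitutions."""
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", pw.lower())
    return core.translate(LEET)


def reject_reason(pw):
    """Return a rejection reason, or None if neither rule fires."""
    core = base_word(pw)
    if core in COMMON_BASES:
        return "common base word: " + core
    if len(set(core)) <= 3:
        return "low-variety core"
    return None


if __name__ == "__main__":
    samples = ["password", "password12345", "password123456",
               "123aaabbb", "1234aaabbb", "correct horse battery staple"]
    for pw in samples:
        print(f"{pw!r:32} meter={naive_meter(pw):7} reject={reject_reason(pw)}")
```
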