
Mailing List Archive
Re: [tlug] Kubuntu v5.10
On 25/12/05, Lyle H Saxon <llletters@example.com> wrote:
> I know about mixing upper and lower case and numbers, but what is the
> ideal number of characters?  I read somewhere years ago that 8 was
> best?  Was that ever true and if it was, is it still true?

That was true in the Bad Old Days of Unix when most implementations
supported a maximum length of eight characters for passwords.

Worse yet, with some implementations of login (yes, Solaris, I'm
talking about you!), these passwords would be the same:

  foobar123
  foobar1234
  foobar12blah0r50M35

So if I, jmglov, chose "foobar123" as my password (which *is* my root
password, incidentally; you are welcome to use my box anytime:
jmglov.nsa.gov[1]), and jmflov chooses "foobar1234", there is a very
real chance that a typo on one of our parts might get us logged in as
the wrong user.

I hope you can see why this is A Very Bad Thing.

These days, use a root password of at least 10 characters or so. Most
login implementations these days use PAM[2] or something very much
like it, so the maximum length for passwords is 128 characters or
more.

The more complex, the better. As long as you can remember[3] it.

Cheers,
Josh

[1] A joke. Please, for the love of God, do *not* *ever* try to log in
to anything in the nsa.gov domain. Bad idea.
[2] http://www.google.com/search?q=Pluggable+Authentication+Modules&start=0&ie=utf-8&oe=utf-8&client=firefox&rls=org.mozilla:en-US:unofficial
[3] Where the meaning of "remember" might have something to do with crypto:
http://www.tlug.jp/ML/0512/msg00427.html
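
An added example, not part of the message above: the eight-character limit comes from the traditional DES-based crypt(3) hash format, which uses only the first eight characters of a password. The sketch below shows the three passwords from the message collapsing to one value and flags entries in a constructed /etc/shadow-style sample that are still stored in that format; the account names and hash strings are made up for illustration.

```python
import re

# Traditional DES crypt(3) entry: 2 salt chars + 11 hash chars, no "$" prefix.
# Only the first 8 characters of the password are used by this scheme.
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")

# The three passwords quoted in the message.
PAGE_PASSWORDS = ["foobar123", "foobar1234", "foobar12blah0r50M35"]

# Constructed sample in /etc/shadow layout (user:hash:aging fields).
# Hash strings are placeholders, not real password hashes.
SAMPLE_SHADOW = """\
root:$6$CONSTRUCTEDSALT$cOnStRuCtEdHaShVaLuE:19000:0:99999:7:::
legacy1:ab01234567890:13000:0:99999:7:::
legacy2:cdABCDEFGHIJK:13000:0:99999:7:::
daemon:*:19000:0:99999:7:::
backup:!ab01234567890:13000:0:99999:7:::
"""


def effective_password(password, limit=8):
    """Return the part of the password an 8-character scheme compares."""
    return password[:limit]


def truncating_accounts(shadow_text):
    """Return (user, locked) for entries stored as traditional DES crypt."""
    found = []
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) < 2:
            continue
        user, stored = fields[0], fields[1]
        locked = stored.startswith("!")  # "!" prefix marks a locked password
        if DES_CRYPT.match(stored.lstrip("!")):
            found.append((user, locked))
    return found


if __name__ == "__main__":
    for pw in PAGE_PASSWORDS:
        print(f"{pw!r} is compared as {effective_password(pw)!r}")
    for user, locked in truncating_accounts(SAMPLE_SHADOW):
        state = "locked" if locked else "active"
        print(f"{user}: legacy 8-character hash format ({state})")
```

Accounts flagged this way need a password change after the system's default hash scheme is moved to a modern one, since the stored hash is only regenerated when the password is set again.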