[CentOS] Another Fedora decision

Sat Jan 31 11:04:30 UTC 2015
Peter Eckel <lists at eckel-edv.de>

Hi Johan,

> His point in short: passwords are not all that important any more.
> All virus spreading and hacking these days is done by sending malicous mails and by visiting malicious sites.

<polemical-mode>If your brother in law doesn't see that the virus argument doesn't apply to the question of whether or not to choose strong passwords maybe he shouldn't be a software developer in the first place.</polemical-mode>

Strong passwords don't protect against viruses, phishing etc. pp., that is true. But having weak passwords opens a plethora of other attack vectors beside that, and as for instance the iTunes hack shows there *are* real-world scenarios where passwords are attacked successfully. Just put an ssh server on a public IP and wait for a day, and you'll see how many.

Regarding the original issue, I don't see where requiring users to enter strong(ish) passwords in the GUI installer at installation time could do any harm except a minor inconvenience for some people. Kickstart is not affected, so automated installs won't break, and on the other hand the use of weak passwords may be reduced a bit by the change. I'm all for it.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 204 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.centos.org/pipermail/centos/attachments/20150131/fb07c8cd/attachment-0003.sig>