[aur-dev] [PATCH] Increase minimum password length to 8 characters

Alex Muller alex at mullr.net
Mon Jan 2 12:41:49 UTC 2017


Hi,

I'm new to AUR so I hope sending a patch like this is the correct thing
to do.

There are 95 printable ASCII characters which with a minimum length
of 4 gives 95^4 or 81 million possible passwords.

Increasing the minimum length to 8 increases the number of possible
passwords by a factor of about 10^7. I imagine most AUR users have
pretty good password practice so they won't be affected by this change,
but it will improve security for a subset of users.

For a given user I can generate all 4 character passwords on my laptop
in under 2 minutes in Python and therefore all 5 character passwords
in a few hours. This change makes it much harder (but still nowhere
near impossible) to brute force generate passwords.

FS#52297 <https://bugs.archlinux.org/task/52297>

Cheers,

Alex
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Increase-minimum-password-length-to-8-characters.patch
Type: text/x-patch
Size: 1306 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/aur-dev/attachments/20170102/2f19f0bc/attachment.bin>


More information about the aur-dev mailing list