[aur-dev] [PATCH] Increase minimum password length to 8 characters

Mark Weiman mark.weiman at markzz.com
Mon Jan 2 16:59:16 UTC 2017


On Mon, 2017-01-02 at 12:41 +0000, Alex Muller via aur-dev wrote:
> Hi,
> 
> I'm new to AUR so I hope sending a patch like this is the correct thing
> to do.
> 

Use git-send-email(1) or send the patch inline instead of adding a patch as an
attachment and make sure you sign-off on the patch.

> There are 95 printable ASCII characters which with a minimum length
> of 4 gives 95^4 or 81 million possible passwords.
> 
> Increasing the minimum length to 8 increases the number of possible
> passwords by a factor of about 10^7. I imagine most AUR users have
> pretty good password practice so they won't be affected by this change,
> but it will improve security for a subset of users.
> 
> For a given user I can generate all 4 character passwords on my laptop
> in under 2 minutes in Python and therefore all 5 character passwords
> in a few hours. This change makes it much harder (but still nowhere
> near impossible) to brute force generate passwords.
> 

Since this is also in the patch, I would not really include these paragraphs in
the patch since they are not all that necessary to be that verbose about it.

> FS#52297 <https://bugs.archlinux.org/task/52297>
> 

I would change this to "Fixes: FS#52297" instead.

> Cheers,
> 
> Alex

Mark Weiman


More information about the aur-dev mailing list