#3064 Password strength using libpwquality
Closed: Fixed None Opened 12 years ago by toshio.

The Fedora Account System has a method that checks the strength of passwords:
http://git.fedorahosted.org/git?p=fas.git;a=blob;f=fas/validators.py;hb=HEAD#l231

Recently, a new library has been created that allows checking password quality:
https://fedorahosted.org/libpwquality

The library has Python bindings. It would be good to evaluate and utilize this new library and possibly use it for additional checking.

Note that we would not want to stop people from using words in their passwords as long as the passwords are no more vulnerable to dictionary attacks than they are to brute force attacks.

Step 1: evaluate the new library. See if it prevents usage of things like four and five word passphrases. See if it can add or replace any checks that we already make.

Step 2: If the library seems suitable for some role, add it to the checks already being done in fas.
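
The criterion in the note above (words are fine as long as a dictionary attack is no cheaper than brute force) can be made concrete with a rough estimate. The sketch below is an added example, not code from FAS or libpwquality, and it is not how libpwquality scores passwords. The word list, the 50,000-word attacker dictionary, the 95-character alphabet, the free separators and the 8-character baseline are all assumptions.

```python
import math

# Constructed sample word list; a real check would load a full dictionary.
WORDS = {"correct", "horse", "battery", "staple", "monkey", "fedora"}
DICT_SIZE = 50_000        # assumption: size of the attacker's word list
ALPHABET = 95             # printable ASCII, used for brute-force cost
BASELINE_LEN = 8          # assumption: shortest random password accepted
SEPARATORS = " -_."       # counted as free, which favours the attacker

WORD_BITS = math.log2(DICT_SIZE)   # cost of guessing one dictionary word
CHAR_BITS = math.log2(ALPHABET)    # cost of brute-forcing one character


def attack_bits(password, words=WORDS):
    """Cheapest estimated guessing cost in bits, treating the password as
    any mix of dictionary words and brute-forced single characters."""
    pw = password.lower()
    best = [0.0] + [math.inf] * len(pw)   # best[i]: cheapest cost of pw[:i]
    for i in range(len(pw)):
        # Option 1: the attacker brute-forces this one character.
        step = 0.0 if pw[i] in SEPARATORS else CHAR_BITS
        best[i + 1] = min(best[i + 1], best[i] + step)
        # Option 2: a dictionary word starts at position i.
        for j in range(i + 1, len(pw) + 1):
            if pw[i:j] in words:
                best[j] = min(best[j], best[i] + WORD_BITS)
    return best[len(pw)]


def acceptable(password, words=WORDS):
    """True when the cheapest attack is no easier than brute-forcing a
    random password of BASELINE_LEN characters."""
    return attack_bits(password, words) >= BASELINE_LEN * CHAR_BITS


if __name__ == "__main__":
    for pw in ("correct horse battery staple", "correct horse battery",
               "monkey123", "x7#Qm2!vLp"):
        print(f"{pw!r}: {attack_bits(pw):.1f} bits, ok={acceptable(pw)}")
```

Under these assumptions a four-word passphrase passes while a three-word one and a word-plus-digits password do not, which is the behaviour Step 1 asks the library to be checked against.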


I think this is a duplicate (or better, a triplicate) of: [ticket:3027] [ticket:3043]

I'll try to summarize them on [ticket:3027].

Consolidating into ticket 3027.
