> A mixed solution may be possible, supplying DES (from both a US and a
> non-US site) to those who require YP support. I'm still not in favor
> of Debian doing this alone in the Linux community, though.

<sigh>Yep, another "me too" reply...</sigh>

I see quite often, like here at McGill University, that what you get are mixtures of older machines (Suns, SGI, etc.) and a few people running Linux boxes and wanting to network. Try telling people that you can't interoperate a Linux box on the net, and you seriously damage Linux's credibility.

Also, when it comes to the fixed vs. variable length password issue, I think compatibility should be the key focus, not security. Why? Well, at an 8 character limit, if we use upper/lower case letters, numbers, and just a few symbols, we get at *least* 64 possible characters per password position -> at *least* 6 bits of entropy per character -> at least 48 bits per password. That's plenty for most installations.

Longer passwords, while they may preclude compatibility with other systems, are no excuse for not choosing good passwords: "I love Francesca" may have more than 8 characters, but it certainly is not more secure than "R8#cjs;)". There are plenty of references on how to pick good passwords in 8 characters.

Just my 0.02$,
-Andrew.
<[EMAIL PROTECTED]>