On Sun, Apr 17, 2016 at 11:23:14PM -0400, Rob Pierce wrote: > Stop giving password advice. Instead, make a general statement about password > strength in passwd.1. > > Rob >
i don;t see why we should not try to give advice. jmc > Index: afterboot.8 > =================================================================== > RCS file: /cvs/src/share/man/man8/afterboot.8,v > retrieving revision 1.153 > diff -u -p -r1.153 afterboot.8 > --- afterboot.8 8 Dec 2015 13:36:05 -0000 1.153 > +++ afterboot.8 18 Apr 2016 03:18:04 -0000 > @@ -103,10 +103,6 @@ Change the password for the root user. > (Note that throughout the documentation, the term > .Dq superuser > is a synonym for the root user.) > -Choose a password that has digits and special characters > -as well as from the upper and lower case alphabet. > -Do not choose any word in any language. > -It is common for an intruder to use dictionary attacks. > Type the following command to change it: > .Pp > .Dl $ doas passwd root > @@ -594,6 +590,7 @@ is contained within > .Xr doas 1 , > .Xr ksh 1 , > .Xr man 1 , > +.Xr passwd 1 , > .Xr pkg_add 1 , > .Xr ps 1 , > .Xr vi 1 , > > Index: passwd.1 > =================================================================== > RCS file: /cvs/src/usr.bin/passwd/passwd.1,v > retrieving revision 1.44 > diff -u -p -r1.44 passwd.1 > --- passwd.1 26 Nov 2015 19:01:47 -0000 1.44 > +++ passwd.1 18 Apr 2016 03:18:42 -0000 > @@ -49,13 +49,10 @@ First, the user is prompted for their cu > If the current password is correctly typed, a new password is requested. > The new password must be entered twice to avoid typing errors. > .Pp > -The new password should be at least six characters long and not > -purely alphabetic. > -Its total length must be less than > +Password strength is a function of length and complexity. > +The total password length must be less than > .Dv _PASSWORD_LEN > (currently 128 characters). > -A mixture of both lower and uppercase letters, numbers, and > -meta-characters is encouraged. > .Pp > The quality of the password can be enforced by specifying an external > checking program via the
