Red Hat Bugzilla – Bug 11761
Password similarity checking
Last modified: 2008-05-01 11:37:55 EDT
When used by PAM to check passwords, a 6 character password being changed
to a 20 character password gives a "too similar" error because of the
number of similar letters. THere should be an option to have the
similarity 'score' reduced based on the length of the new password.
password -> swordfish
... new password is "too similar" ... but not very long either.
password -> aswordfishatemyboat
... still too similar?
When md5 passwords are not being used, the effective password
length is 8. The words "swordfis" and "aswordfi" are indeed similar.