It's not that qwerty layout runs per se are denied, it's that too many
consecutive character pairs are denied. Certain qwerty layout runs
simply happen to contain many consecutive character pairs.
As the prior message observes, the bug is annoying: augmenting an
otherwise acceptable password by appending consecutive characters
renders it no longer acceptable!
The bug is real, but has nothing to do with qwerty-vs-dvorak. The Fedora
project addresses it by simply disregarding consecutive character pairs
as adding any "length strength".
- /* Change by Ben Karsin from ITS at University of Hawaii at Manoa.
Static MAXSTEP
- would generate many false positives for long passwords. */
- maxrepeat = 3+(0.09*strlen(password));
- if (i > maxrepeat)
+ /* We were still generating false positives for long passwords.
+ Just count systematic double as a single character. */
+ if (len - i < MINLEN)
Regards,
Alex