I've configured PAM to restrict password creation to 8 or more
characters. It would therefore be a good idea to add an option to
throw out passwords that are less than a given number of characters
since it's just a waste of time to try them.
For example, let's say we had:
Minlength = 8
If we were considering the word "fred" from the wordlist, we'd ignore
"fred", but would accept the mangled "fredfred".
p.s. I suppose for symmetry, we could have a Maxlength option too.
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable'), (20, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL
set to en_US.utf8)
Versions of packages john depends on:
ii john-data 1.7.2-3~bpo40+1 active password cracking tool - ch
ii libc6 2.3.6.ds1-13etch7 GNU C Library: Shared libraries
ii libssl0.9.8 0.9.8c-4etch3 SSL shared libraries
john recommends no packages.
-- no debconf information
Pkg-john-devel mailing list