Palindrome passwords disallowed—why?

The manpage for pam_cracklib (responsible for password strength checking) does not specify why this is done:

   The strength checks work in the following manner: at first the Cracklib routine is
   called to check if the password is part of a dictionary; if this is not the case an
   additional set of strength checks is done. These checks are:

   Palindrome
       Is the new password a palindrome?

However, it's not difficult to imagine that there is some password cracking software that tries palindromes.

I would not recommend using such a password but it's up to you to evaluate what security trade-offs you're comfortable with making (you could use sudo or the root account to change the password and it will allow you to change it to whatever you want).


Because a 20-character palindromic password is only as secure as a 10-character password -- there's essentially no extra entropy in the last 10 characters. So you're getting a false sense of security from having a long password.
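The two answers above (pam_cracklib's palindrome test, and the "half the entropy" argument) worked through as an added example; this is illustrative code, not pam_cracklib's own, and it assumes a 95-symbol printable-ASCII alphabet and a plain case-sensitive reversal test for "palindrome":

```python
import math

def is_palindrome(password: str) -> bool:
    """True when the password reads the same in both directions.
    Assumed to match pam_cracklib's check: an exact, case-sensitive
    comparison of each character with its mirror position."""
    return password == password[::-1]

def free_positions(password: str) -> int:
    """Characters an attacker actually has to guess. In a palindrome only the
    first ceil(n/2) positions are free; the rest are determined by them."""
    n = len(password)
    return math.ceil(n / 2) if is_palindrome(password) else n

def search_space_bits(password: str, alphabet_size: int = 95) -> float:
    """Log2 of the candidate space for a brute force that knows the length
    and whether the password is a palindrome (95 = printable ASCII, assumed)."""
    return free_positions(password) * math.log2(alphabet_size)

def palindrome_count(length: int, alphabet_size: int = 95) -> int:
    """Number of palindromes of a given length: alphabet_size ** ceil(length/2).
    This is the whole extra space a cracker must enumerate to try them all."""
    return alphabet_size ** math.ceil(length / 2)

def check_password(password: str, alphabet_size: int = 95) -> dict:
    """Policy-style verdict, mirroring why pam_cracklib rejects palindromes:
    report the effective length so the user sees the real strength."""
    eff = free_positions(password)
    return {
        "ok": not is_palindrome(password),
        "length": len(password),
        "effective_length": eff,
        "bits": round(search_space_bits(password, alphabet_size), 1),
    }

if __name__ == "__main__":
    # Constructed sample inputs: a 20-char palindrome vs. a 20-char non-palindrome.
    for pw in ("abcdefghijjihgfedcba", "abcdefghijklmnopqrst", "level"):
        print(pw, check_password(pw))
```

Running it shows the 20-character palindrome scoring the same ~66 bits as a 10-character password, while the non-palindrome of the same length scores ~131 bits.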