Palindrome passwords disallowed—why?

linux passwords

The manpage for pam_cracklib (responsible for password strength checking) does not specify why this is done:

   The strength checks works in the following manner: at first the Cracklib routine is
   called to check if the password is part of a dictionary; if this is not the case an
   additional set of strength checks is done. These checks are:

   Palindrome
       Is the new password a palindrome?

However, it's not difficult to imagine that there are some password cracking softwares that try palindromes.

I would not recommend using such a password but it's up to you evaluate what security trade-offs you're comfortable with making (you could use sudo or root account to change the password and it will allow you to change it to whatever you want).


Because a 20-character palindromic password is only as secure as a 10-character password -- there's essentially no extra entropy in the last 10 characters. So you're getting a false sense of security from having a long password.

Related

7zip: how to extract to std output?
Is an LED monitor better for eyes than an LCD monitor?
Why do Chrome tabs have blue dots on them?
How to type unicode characters in KDE?
When does the inverse of a covariance matrix exist?
Motivating Cohomology
Recommended (free) software to plot points in 3d
slope of a line in 3D coordinate system
Field automorphisms of $\mathbb{Q}$ - shouldn't there be only one?
Inverse/Implicit Function Theorem Reasons?
Understanding the Frechet derivative
Calculate the expected value of $Y=e^X$ where $X \sim N(\mu, \sigma^2)$