Password Policy
Created by: Moschn
There should be a password policy. We already use a good hash function for passwords but a password with length 1 is currently allowed and easily broken.
I propose just a minimum length of 7 for passwords containing only letters. This would lead to a search space of 24^7, and with a required time of around 100ms per hash it would take 14.5 years.
In order to prevent password list attacks, a more complicated policy with alphanumeric and special character requirements could also be useful.
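
The following is an added example, not part of the original post or the project's code: the proposed minimum-length check, an optional stricter mode requiring letters, digits and special characters, and a helper that reproduces the search-time estimate. The function names, the character-class boundaries and the sample passwords are assumptions.

```python
import string

MIN_LENGTH = 7            # minimum length proposed in the post
SECONDS_PER_HASH = 0.1    # "around 100ms per hash" from the post
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Character classes for the stricter policy (class boundaries are an assumption).
CLASSES = {
    "letter": string.ascii_letters,
    "digit": string.digits,
    "special character": string.punctuation,
}


def classes_used(password):
    """Return the set of class names that occur in the password."""
    return {name for name, chars in CLASSES.items()
            if any(ch in chars for ch in password)}


def check_password(password, strict=False):
    """Return a list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if strict:
        # Stricter mode: every class must appear at least once.
        for name in sorted(set(CLASSES) - classes_used(password)):
            problems.append(f"missing a {name}")
    return problems


def exhaustive_search_years(alphabet_size, length,
                            seconds_per_hash=SECONDS_PER_HASH):
    """Time to hash every candidate of exactly `length` symbols, in years."""
    return alphabet_size ** length * seconds_per_hash / SECONDS_PER_YEAR


if __name__ == "__main__":
    for candidate in ["a", "abcdefg", "abc123!x"]:   # constructed samples
        print(repr(candidate), check_password(candidate, strict=True))
    # The post's figures: 24 symbols, length 7, 100 ms per hash.
    print(round(exhaustive_search_years(24, 7), 1), "years")
```

The estimate covers exhaustive search only; a password that appears in a word list falls much sooner, which is what the stricter mode is meant to address.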