If OpenBSD is one of the securest operating systems out there, then I think Debian should implement stronger passwords by default.
But I guess we will just have to do it ourselves.
Basically, run this (this is for Debian Lenny):
apt-get install libpam-cracklib
Comment out line 24, i.e.
password required pam_unix.so nullok obscure md5
Further down you will see:
password requisite pam_cracklib.so retry=3 minlen=8 difok=3
password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512
Uncomment these two lines, and that's that.
What's interesting is that Debian Squeeze does this automagically.
Personally I would change minlen to 10 and difok to 6.
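An added example, not part of the original post: a small Python check that parses the active password lines of a PAM file and flags the settings this post changes (missing pam_cracklib, low minlen/difok, md5 instead of sha512, nullok). The function names and the sample strings are assumptions made for the example; on a real system you would feed it the PAM password file you edited, which on Debian is assumed here to be /etc/pam.d/common-password.

```python
import re

# Constructed samples: the Lenny default line, then the stack the post ends up with.
LENNY_DEFAULT = "password required pam_unix.so nullok obscure md5\n"
HARDENED = (
    "# password required pam_unix.so nullok obscure md5\n"
    "password requisite pam_cracklib.so retry=3 minlen=8 difok=3\n"
    "password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512\n"
)

# Fields: type, control (one word or a [bracketed list]), module, optional arguments.
RULE = re.compile(r"^\s*(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse_password_rules(text):
    """Return [(module, {option: value})] for active 'password' lines, in file order."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.split("#", 1)[0])  # drop comments first
        if not m or m.group(1) != "password":
            continue
        # "minlen=8" -> ("minlen", "8"); a bare flag such as "sha512" -> ("sha512", "")
        opts = dict(arg.partition("=")[::2] for arg in m.group(4).split())
        rules.append((m.group(3).rsplit("/", 1)[-1], opts))
    return rules

def audit(text, want_minlen=10, want_difok=6):
    """List findings; the default thresholds are the values the post suggests."""
    rules = parse_password_rules(text)
    names = [name for name, _ in rules]
    findings = []
    if "pam_cracklib.so" not in names:
        findings.append("pam_cracklib is not in the active password stack")
    elif "pam_unix.so" in names and names.index("pam_unix.so") < names.index("pam_cracklib.so"):
        findings.append("pam_unix runs before pam_cracklib")
    for name, opts in rules:
        if name == "pam_cracklib.so":
            for key, want in (("minlen", want_minlen), ("difok", want_difok)):
                value = opts.get(key, "")
                if not value.isdigit() or int(value) < want:
                    findings.append(f"pam_cracklib {key}={value or 'unset'} is below {want}")
        elif name == "pam_unix.so":
            if "sha512" not in opts:
                findings.append("pam_unix does not hash with sha512")
            if "nullok" in opts:
                findings.append("pam_unix has nullok set")
    return findings

if __name__ == "__main__":
    for label, sample in (("default", LENNY_DEFAULT), ("hardened", HARDENED)):
        print(label, audit(sample))
```

Keep in mind that pam_cracklib by default counts credits for character classes toward minlen, so minlen is not a strict character count.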