[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: Password strength meter
From:       Kévin_Ottens <ervin () ipsquad ! net>
Date:       2004-10-29 14:28:18
Message-ID: 200410291628.19255.ervin () ipsquad ! net
[Download RAW message or body]

Le Vendredi 29 Octobre 2004 13:05, Andrew Coles a écrit :
> I recently discovered a nice feature in Mozilla - in the master password
> dialogue there's a 'Password strength meter', which gives a rough
> indication of how good the password is (capitals, numbers, symbols etc.).

This is really a good feature in my opinion. I'm just wondering the accuracy 
of the method used to compute the indication. It should be well thought if we 
don't want to give a wrong feeling of security.

This computation should be fast... but is it relevant enough? Should we add 
checks against a dictionnary? (ok would be far slower... but at least 
verifying if it doesn't contain some personal information like the username, 
or permutations of it, would raise the entropy a bit)

It was my 0.02¤

Regards.
-- 
Kévin 'ervin' Ottens, http://ervin.ipsquad.net
"Ni le maître sans disciple, Ni le disciple sans maître,
Ne font reculer l'ignorance."

[prev in list] [next in list] [prev in thread] [next in thread]