List: kde-core-devel
Subject: Re: Password strengh meter in KNewPasswordDialog
From: Thiago Macieira <thiago () kde ! org>
Date: 2013-04-03 21:53:40
Message-ID: 7544328.PmaHQdPRhb () tjmaciei-mobl2
On Wednesday, 3 April 2013 22.39.47, Rolf Eike Beer wrote:
> Also punish all passwords harder
> that do not contain all types of characters, so a password containing only
> lowercase characters and numbers needs to be much longer than one also
> containing specials and uppercase characters.
You do realise that a password isn't truly random if it has to contain all
types? I hate when I'm forced to do that.
For example, here are 10 passwords generated with keepassx with Upper, lower,
numbers, minus, underline, and special characters:
old / new
"d3(;$puO 82 82
S+157jz"9 92 72
4Q%p6sZwo 100 100
0We|va}!G 92 92
*+"$ZIf6p 72 62
'HC4@xiH? 82 80
qbF\FdHCy 82 52
'$Y(7sy8< 100 82
)Nxrml@u[ 100 90
U-+*al`S) 82 62
Note how there are a few without digits. But since they're all randomly-generated
using the same method, they all have the same probability.
For custom
"!@#$%^&*abcdefghijklmnopqrstuvxwyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789", I
get:
4xy1pIrwy 100 60
rv8AaI6G8 92 70
YHbcA5C38 92 60
h@abfjih6 72 55
m!58L!TOD 52 42
GNxzg&Rxz 82 52
SFZN5$k@m 82 62
7bmDx@*SW 82 72
U2WVF9kLH 82 47
tgD4cYGjo 82 62
Out of ten, only three got all four types of characters. All *ten* got a score
lower than 75, which is your threshold for the green colour.
I generated 100 10-character passwords by base64 encoding /dev/urandom. With
the old algorithm, 65% of the passwords were 100 points, 20% more between 90
and 99 and 10% between 80 and 89. With the new algorithm, only 14 passwords
got 100 points, 21% are between 80 and 99 and 40% of them are between 70 and
79 points. There was even one entry that got 30 points.
I have to increase the password length to 14 characters to get 65% of 100 points.
And they're all random.
--
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
Software Architect - Intel Open Source Technology Center
PGP/GPG: 0x6EF45358; fingerprint:
E067 918B B660 DBD1 105C 966C 33F5 F005 6EF4 5358
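
Added example (not part of the original message): an exact inclusion-exclusion calculation, for the 70-character custom alphabet quoted above and the 9-character length of the listed samples, of how often a uniformly random password contains all four character types and how many bits of entropy are lost if a policy makes that mandatory. The function names are illustrative assumptions.

```python
from fractions import Fraction
from itertools import combinations
from math import log2

# Character classes of the custom alphabet quoted in the message.
CLASSES = {
    "special": "!@#$%^&*",
    "lower": "abcdefghijklmnopqrstuvwxyz",
    "upper": "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
    "digit": "0123456789",
}
SIZES = [len(chars) for chars in CLASSES.values()]


def p_all_classes(class_sizes, length):
    """Exact probability that a uniformly random string of `length`
    characters contains at least one character from every class.

    Inclusion-exclusion over the set of classes that are missing:
    a string avoiding classes M is drawn from the remaining characters.
    """
    total = sum(class_sizes)
    p = Fraction(0)
    for k in range(len(class_sizes) + 1):
        for missing in combinations(class_sizes, k):
            remaining = total - sum(missing)
            p += (-1) ** k * Fraction(remaining, total) ** length
    return p


def entropy_bits(class_sizes, length, require_all=False):
    """Entropy of a uniformly random password. With require_all=True the
    generator only emits strings containing every class, so the space
    shrinks by the factor p_all_classes()."""
    bits = length * log2(sum(class_sizes))
    if require_all:
        bits += log2(float(p_all_classes(class_sizes, length)))
    return bits


if __name__ == "__main__":
    p = float(p_all_classes(SIZES, 9))
    print(f"P(all four types in 9 random chars) = {p:.4f}")
    print(f"unconstrained entropy  = {entropy_bits(SIZES, 9):.2f} bits")
    print(f"'all types' enforced   = {entropy_bits(SIZES, 9, True):.2f} bits")
```

Under these assumptions fewer than half of the uniformly random 9-character passwords contain all four types, so a meter that penalises a missing type marks down most outputs of a sound generator.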