[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-core-devel
Subject: Re: Password strengh meter in KNewPasswordDialog
From: Cristian Tibirna <tibirna () kde ! org>
Date: 2013-04-03 22:47:17
Message-ID: 39004080.Ik6eeNrfdC () leto
[Download RAW message or body]
On Wednesday 03 April 2013 22:39:47 Rolf Eike Beer wrote:
> Hi all,
>
> the current issue of (German) Linux Magazin has an article comparing some
> GnuPG frontends. One issue discussed there is the "password strength meter"
> that gives e.g. 25% strength indication for things like 123456789. I don't
> know about Kleopatra, but KGpg uses KNewPasswordDialog and it's strength
> meter for this. I propose to change the algorithm used to calculate the
> password strength to remove key sequences from the "length" calculation of
> the password, i.e. 123 has the same length as 1. Also punish all passwords
> harder that do not contain all types of characters,
http://xkcd.com/936/
> so a password
> containing only lowercase characters and numbers needs to be much longer
> than one also containing specials and uppercase characters.
Really, this whole "can be short because has mixed types of characters"
nonsense has to die.
There is a math theory behind password strength. There might even be libraries
capable of measuring this properly.
IMH (non-contributor) O, we should try to reuse here.
--
Cristian Tibirna
KDE developer .. tibirna@kde.org .. http://www.kde.org
["signature.asc" (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic