
List:       kde-core-devel
Subject:    Re: Password strength meter in KNewPasswordDialog
From:       Cristian Tibirna <tibirna () kde ! org>
Date:       2013-04-03 22:47:17
Message-ID: 39004080.Ik6eeNrfdC () leto


On Wednesday 03 April 2013 22:39:47 Rolf Eike Beer wrote:
> Hi all,
> 
> the current issue of (German) Linux Magazin has an article comparing some
> GnuPG frontends. One issue discussed there is the "password strength meter"
> that gives e.g. 25% strength indication for things like 123456789. I don't
> know about Kleopatra, but KGpg uses KNewPasswordDialog and its strength
> meter for this. I propose to change the algorithm used to calculate the
> password strength to remove key sequences from the "length" calculation of
> the password, i.e. 123 has the same length as 1. Also punish all passwords
> harder that do not contain all types of characters, 

http://xkcd.com/936/

> so a password
> containing only lowercase characters and numbers needs to be much longer
> than one also containing specials and uppercase characters.

Really, this whole "can be short because has mixed types of characters" 
nonsense has to die.

There is a math theory behind password strength. There might even be libraries 
capable of measuring this properly. 

IMH (non-contributor) O, we should try to reuse here.

-- 
Cristian Tibirna
KDE developer .. tibirna@kde.org .. http://www.kde.org
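
An added illustration, not part of the thread and not KDE's KNewPasswordDialog code: the sequence-collapsing length from the quoted proposal combined with the textbook length × log2(pool) estimate for uniformly random characters. The function names and the class sizes (26/26/10/33 for printable ASCII) are assumptions; the estimate is an upper bound, and under it the long lowercase-only passphrase from the linked xkcd still scores above the short mixed-class one.

```cpp
#include <cctype>
#include <cmath>
#include <iostream>
#include <string>

// Length after collapsing runs: a character that repeats its predecessor or
// continues a +1/-1 code-point run ("123", "cba") adds nothing, so "123"
// counts like "1". Keyboard-row runs such as "qwerty" are not detected here.
int effectiveLength(const std::string &pw)
{
    int len = 0;
    int runStep = 2;                    // 2 = no run direction established yet
    for (std::size_t i = 0; i < pw.size(); ++i) {
        if (i > 0) {
            int d = (unsigned char)pw[i] - (unsigned char)pw[i - 1];
            if (d >= -1 && d <= 1 && (runStep == 2 || d == runStep)) {
                runStep = d;            // still inside the same run
                continue;
            }
        }
        ++len;
        runStep = 2;                    // this character starts a new run
    }
    return len;
}

// Size of the alphabet implied by the character classes present (assumed sizes).
int poolSize(const std::string &pw)
{
    bool lower = false, upper = false, digit = false, other = false;
    for (unsigned char c : pw) {
        if (std::islower(c)) lower = true;
        else if (std::isupper(c)) upper = true;
        else if (std::isdigit(c)) digit = true;
        else other = true;
    }
    return 26 * lower + 26 * upper + 10 * digit + 33 * other;
}

// Upper-bound entropy in bits: effective length times log2(pool size).
double estimateBits(const std::string &pw)
{
    int pool = poolSize(pw);
    return pool ? effectiveLength(pw) * std::log2(pool) : 0.0;
}

int main()
{
    const char *samples[] = {"123456789", "Tr0ub4dor&3", "correcthorsebatterystaple"};
    for (const char *pw : samples)
        std::cout << pw << ": " << estimateBits(pw) << " bits\n";
}
```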

