List: kde-core-devel
Subject: Re: Password strength meter in KNewPasswordDialog
From: Rolf Eike Beer <kde () opensource ! sf-tec ! de>
Date: 2013-04-03 23:01:37
Message-ID: 1946796.E8YRhEoaDS () eto
On Wednesday 03 April 2013, 18:47:17, Cristian Tibirna wrote:
> On Wednesday 03 April 2013 22:39:47 Rolf Eike Beer wrote:
> > Hi all,
> >
> > the current issue of (German) Linux Magazin has an article comparing some
> > GnuPG frontends. One issue discussed there is the "password strength
> > meter" that gives e.g. 25% strength indication for things like 123456789.
> > I don't know about Kleopatra, but KGpg uses KNewPasswordDialog and its
> > strength meter for this. I propose to change the algorithm used to
> > calculate the password strength to remove key sequences from the "length"
> > calculation of the password, i.e. 123 has the same length as 1. Also
> > punish all passwords harder that do not contain all types of characters,
>
> http://xkcd.com/936/
>
> > so a password
> > containing only lowercase characters and numbers needs to be much longer
> > than one also containing specials and uppercase characters.
>
> Really, this whole "can be short because has mixed types of characters"
> nonsense has to die.

Not short, just shorter. So this boils down to the question: how can we count
the bits of entropy?

> There is a math theory behind password strength. There might even be
> libraries capable of measuring this properly.
>
> IMH (non-contributor) O, we should try to reuse here.

Adding dependencies would only affect 4.11, but I guess even for that the time
may already be too short. Not that it wouldn't be a good idea for 4.12 if it's
worth the effort.

Eike
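
The proposal discussed in this message (key sequences collapsed to one character, then bits of entropy counted from the character classes present), sketched in C++ as an added example; it is not KNewPasswordDialog's code and not from anyone in the thread. The function names and pool sizes are assumptions, and the result is an upper bound that only holds for randomly chosen characters, which is the objection raised with the xkcd link.

```cpp
#include <cctype>
#include <cmath>
#include <cstdio>
#include <string>

// Length with key sequences collapsed: a run whose characters all step by the
// same amount (+1, -1 or 0), e.g. "123", "cba" or "aaa", counts as one.
int effectiveLength(const std::string &pw)
{
    int len = 0, runStep = 2; // 2 = current run has no direction fixed yet
    for (std::size_t i = 0; i < pw.size(); ++i) {
        if (i > 0) {
            int step = static_cast<unsigned char>(pw[i]) - static_cast<unsigned char>(pw[i - 1]);
            if (step >= -1 && step <= 1 && (runStep == 2 || step == runStep)) {
                runStep = step;
                continue; // still inside the run: adds no length
            }
        }
        ++len;       // first character, or one that starts a new run
        runStep = 2;
    }
    return len;
}

// Alphabet size implied by the classes present (assumed pools: 26/26/10/33).
int poolSize(const std::string &pw)
{
    bool lower = false, upper = false, digit = false, other = false;
    for (unsigned char c : pw) {
        if (std::islower(c)) lower = true;
        else if (std::isupper(c)) upper = true;
        else if (std::isdigit(c)) digit = true;
        else other = true;
    }
    return (lower ? 26 : 0) + (upper ? 26 : 0) + (digit ? 10 : 0) + (other ? 33 : 0);
}

// Upper-bound estimate in bits: effective length times log2(alphabet size).
double estimatedBits(const std::string &pw)
{
    const int pool = poolSize(pw);
    return pool > 0 ? effectiveLength(pw) * std::log2(pool) : 0.0;
}

int main()
{
    for (const char *pw : {"123456789", "k7q2m9x4", "K7q!m9X#"}) // constructed samples
        std::printf("%-10s %5.1f bits\n", pw, estimatedBits(pw));
}
```

With these pools, eight random lowercase-and-digit characters score about 41 bits against about 53 for eight drawn from all four classes, which is the "not short, just shorter" trade-off expressed in characters.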