Password strength meter
Kévin Ottens
ervin at ipsquad.net
Fri Oct 29 15:28:18 BST 2004
Le Vendredi 29 Octobre 2004 13:05, Andrew Coles a écrit :
> I recently discovered a nice feature in Mozilla - in the master password
> dialogue there's a 'Password strength meter', which gives a rough
> indication of how good the password is (capitals, numbers, symbols etc.).
This is really a good feature in my opinion. I'm just wondering the accuracy
of the method used to compute the indication. It should be well thought if we
don't want to give a wrong feeling of security.
This computation should be fast... but is it relevant enough? Should we add
checks against a dictionnary? (ok would be far slower... but at least
verifying if it doesn't contain some personal information like the username,
or permutations of it, would raise the entropy a bit)
It was my 0.02€
Regards.
--
Kévin 'ervin' Ottens, http://ervin.ipsquad.net
"Ni le maître sans disciple, Ni le disciple sans maître,
Ne font reculer l'ignorance."
More information about the kde-core-devel
mailing list