Password strength meter

Kévin Ottens ervin at
Fri Oct 29 15:28:18 BST 2004

Le Vendredi 29 Octobre 2004 13:05, Andrew Coles a écrit :
> I recently discovered a nice feature in Mozilla - in the master password
> dialogue there's a 'Password strength meter', which gives a rough
> indication of how good the password is (capitals, numbers, symbols etc.).

This is really a good feature in my opinion. I'm just wondering the accuracy 
of the method used to compute the indication. It should be well thought if we 
don't want to give a wrong feeling of security.

This computation should be fast... but is it relevant enough? Should we add 
checks against a dictionnary? (ok would be far slower... but at least 
verifying if it doesn't contain some personal information like the username, 
or permutations of it, would raise the entropy a bit)

It was my 0.02€

Kévin 'ervin' Ottens,
"Ni le maître sans disciple, Ni le disciple sans maître,
Ne font reculer l'ignorance."

More information about the kde-core-devel mailing list