KPasswordDialog, password strength meter

PJ PJaenicke at
Tue Mar 22 21:05:25 GMT 2005


its great to see that there is now a passwort strength meter in KDE, because 
IMHO bad passwords are the most common security problem.

But in my opinion the code which calculates the password strength has some 
It doesn't check for stupid combinations and the repetition of strings.
So i worked on an algorithm to address this issues. 

It works as follows:
 - A character is put in one category (lowercase,uppercase,digit,other)
- Two succeeding characters are evaluated. Every combination of categories has 
a special rating (e.g. digit following a digit => rating=4; digit following a 
uppercase => rating=10)
- The password strength is the sum of all the ratings.

Since combinations which are thought to be strange have a higher rating, the 
user is rewarded for using them.

Additionally there is a check for simple combinations:
- The ascii-code-difference of two succeeding characters is calculated and 
stored in a list.
- If the current difference is in the list, the rating is set to zero.

Here are two examples of bad passwords which get a high rating from the 
Firefox code, but a low with the new proposal:

password    Firefox   new Proposal
111111        60           4
a1.a1.        80          32

I would be happy if i could enhance KDE with this code, even if it is only a 
tiny detail.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: kpassdlg.diff
Type: text/x-diff
Size: 3662 bytes
Desc: not available
URL: <>

More information about the kde-core-devel mailing list