KPasswordDialog, password strength meter
PJaenicke at gmx.net
Tue Mar 22 21:05:25 GMT 2005
It's great to see that there is now a password strength meter in KDE, because
IMHO bad passwords are the most common security problem.
But in my opinion the code which calculates the password strength has some
It doesn't check for stupid combinations and the repetition of strings.
So I worked on an algorithm to address these issues.
It works as follows:
- A character is put in one category (lowercase, uppercase, digit, other)
- Two succeeding characters are evaluated. Every combination of categories has
a special rating (e.g. digit following a digit => rating=4; digit following an
uppercase => rating=10)
- The password strength is the sum of all the ratings.
Since combinations which are thought to be strange have a higher rating, the
user is rewarded for using them.
Additionally there is a check for simple combinations:
- The ASCII code difference of two succeeding characters is calculated and
stored in a list.
- If the current difference is in the list, the rating is set to zero.
Here are two examples of bad passwords which get a high rating from the
Firefox code, but a low one with the new proposal:

password    Firefox    new proposal
111111      60         4
a1.a1.      80         32

I would be happy if I could enhance KDE with this code, even if it is only a
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3662 bytes
Desc: not available
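
An added sketch of the scoring described in the message above; it is not the scrubbed attachment and not KDE code. Only the digit-after-digit (4) and digit-after-uppercase (10) ratings come from the message: the other table entries, the signed difference and all names are assumptions, with the placeholder ratings picked so that the two quoted scores (4 and 32) come out the same.

```cpp
#include <cctype>
#include <iostream>
#include <set>
#include <string>

// Character categories named in the message.
enum Category { Lower = 0, Upper, Digit, Other };

Category categorize(unsigned char c) {
    if (std::islower(c)) return Lower;
    if (std::isupper(c)) return Upper;
    if (std::isdigit(c)) return Digit;
    return Other;
}

// kRating[previous][current]. Only Digit->Digit (4) and Upper->Digit (10)
// come from the message; every other entry is an assumed placeholder.
const int kRating[4][4] = {
    //            Lower Upper Digit Other   (current)
    /* Lower */ {  4,    8,   10,   11 },
    /* Upper */ {  8,    4,   10,   11 },
    /* Digit */ { 10,   10,    4,   11 },
    /* Other */ { 11,   11,   11,    4 },
};

// Sum the pair ratings, scoring a pair as zero when the code difference
// between its two characters was already seen earlier in the password.
int passwordStrength(const std::string &password) {
    std::set<int> seenDiffs;  // the "list" of differences from the message
    int score = 0;
    for (std::size_t i = 1; i < password.size(); ++i) {
        unsigned char prev = password[i - 1];
        unsigned char cur = password[i];
        int diff = int(cur) - int(prev);  // assumption: signed difference
        // insert() reports whether this difference is new.
        bool isNew = seenDiffs.insert(diff).second;
        if (isNew)
            score += kRating[categorize(prev)][categorize(cur)];
    }
    return score;
}

int main() {
    // The two passwords from the message's comparison table.
    std::cout << "111111 " << passwordStrength("111111") << "\n";
    std::cout << "a1.a1. " << passwordStrength("a1.a1.") << "\n";
    return 0;
}
```

Because only the first occurrence of each difference scores, a run such as "abcdef" also collapses to the rating of a single pair.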