Password strength meter in KNewPasswordDialog

Thiago Macieira thiago at kde.org
Wed Apr 3 22:53:40 BST 2013


On Wednesday, 3 April 2013 22.39.47, Rolf Eike Beer wrote:
> Also punish all passwords harder 
> that do not contain all types of characters, so a password containing only 
> lowercase characters and numbers needs to be much longer than one also 
> containing specials and uppercase characters.

You do realise that a password isn't truly random if it has to contain all 
types? I hate when I'm forced to do that.

For example, here are 10 passwords generated with keepassx with Upper, lower, 
numbers, minus, underline, and special characters:

                old     new
"d3(;$puO       82      82
S+157jz"9       92      72
4Q%p6sZwo       100     100
0We|va}!G       92      92
*+"$ZIf6p       72      62
'HC4@xiH?       82      80
qbF\FdHCy       82      52
'$Y(7sy8<       100     82
)Nxrml@u[       100     90
U-+*al`S)       82      62

Note how there are a few without digits. But since they're all randomly-generated 
using the same method, they all have the same probability.

For custom 
"!@#$%^&*abcdefghijklmnopqrstuvxwyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789", I 
get:

4xy1pIrwy       100     60
rv8AaI6G8       92      70
YHbcA5C38       92      60
h@abfjih6       72      55
m!58L!TOD       52      42
GNxzg&Rxz       82      52
SFZN5$k@m       82      62
7bmDx@*SW       82      72
U2WVF9kLH       82      47
tgD4cYGjo       82      62

Out of ten, only three got all four types of characters. All *ten* got a score 
lower than 75, which is your threshold for the green colour.

I generated 100 10-character passwords by base64 encoding /dev/urandom. With 
the old algorithm, 65% of the passwords were 100 points, 20% more between 90 
and 99 and 10% between 80 and 89. With the new algorithm, only 14 passwords 
got 100 points, 21% are between 80 and 99 and 40% of them are between 70 and 
79 points. There was even one entry that got 30 points.

I have to increase the password length to 14 characters to get 65% of 100 points. 
And they're all random.

-- 
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
   Software Architect - Intel Open Source Technology Center
      PGP/GPG: 0x6EF45358; fingerprint:
      E067 918B B660 DBD1 105C  966C 33F5 F005 6EF4 5358
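
Added example, not part of the original message or of KDE's code: for the 70-character custom set quoted above, it computes exactly how often a uniformly random password contains all four character classes, and how many bits an "all classes required" rule removes from the search space. The function names and the rule itself are assumptions made for illustration.

```python
import math
import secrets
import string
from fractions import Fraction

# Custom keepassx character set quoted in the message, split by class.
CLASSES = ["!@#$%^&*", string.ascii_lowercase, string.ascii_uppercase, string.digits]
ALPHABET = "".join(CLASSES)  # 70 characters


def p_all_classes(length):
    """Exact probability that a uniformly random password of `length`
    characters contains at least one character from every class."""
    n = len(ALPHABET)
    total = Fraction(0)
    for mask in range(1 << len(CLASSES)):
        # Inclusion-exclusion over the set of classes forced to be absent.
        missing = [len(c) for i, c in enumerate(CLASSES) if mask >> i & 1]
        sign = -1 if len(missing) % 2 else 1
        total += sign * Fraction(n - sum(missing), n) ** length
    return total


def entropy_bits(length, require_all_classes=False):
    """Entropy of a uniform choice, optionally restricted to passwords
    that satisfy an 'all four classes' rule (hypothetical policy)."""
    bits = length * math.log2(len(ALPHABET))
    if require_all_classes:
        bits += math.log2(float(p_all_classes(length)))  # log2(p) <= 0
    return bits


def observed_fraction(length, samples):
    """Generate `samples` random passwords and count those with all classes."""
    hits = 0
    for _ in range(samples):
        pw = [secrets.choice(ALPHABET) for _ in range(length)]
        hits += all(any(ch in cls for ch in pw) for cls in CLASSES)
    return hits / samples


if __name__ == "__main__":
    for length in (9, 10, 14):
        p = p_all_classes(length)
        print(f"len {length:2d}: P(all classes) = {float(p):.3f}, "
              f"entropy {entropy_bits(length):.1f} bits, "
              f"with rule {entropy_bits(length, True):.1f} bits")
    print("simulated, len 9:", observed_fraction(9, 20000))
```

At 9 characters a little under half of uniformly random passwords from this set contain all four classes, while restricting generation to those that do costs only about one bit of entropy.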