Password strength meter in KNewPasswordDialog

Cristian Tibirna tibirna at kde.org
Wed Apr 3 23:47:17 BST 2013


On Wednesday 03 April 2013 22:39:47 Rolf Eike Beer wrote:
> Hi all,
> 
> the current issue of (German) Linux Magazin has an article comparing some
> GnuPG frontends. One issue discussed there is the "password strength meter"
> that gives e.g. 25% strength indication for things like 123456789. I don't
> know about Kleopatra, but KGpg uses KNewPasswordDialog and its strength
> meter for this. I propose to change the algorithm used to calculate the
> password strength to remove key sequences from the "length" calculation of
> the password, i.e. 123 has the same length as 1. Also punish all passwords
> harder that do not contain all types of characters, 

http://xkcd.com/936/

> so a password
> containing only lowercase characters and numbers needs to be much longer
> than one also containing specials and uppercase characters.

Really, this whole "can be short because has mixed types of characters" 
nonsense has to die.

There is a math theory behind password strength. There might even be libraries 
capable of measuring this properly. 

IMH (non-contributor) O, we should try to reuse here.

-- 
Cristian Tibirna
KDE developer .. tibirna at kde.org .. http://www.kde.org
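
The two positions in this thread can be compared in code. The sketch below is an added example, not part of either message and not KDE's KNewPasswordDialog code: it collapses repeats and ascending/descending runs so that 123456789 counts as one character, then computes a brute-force upper bound in bits from the effective length and the character classes present. Assumptions: the function names are hypothetical, the run threshold (3) and class sizes (26/26/10/33) are chosen for illustration, keyboard-row sequences such as qwerty are not detected, and the two longer sample passwords are the ones from the linked xkcd comic.

```cpp
// Added illustration, not KDE code; threshold and pool sizes are assumptions.
#include <cctype>
#include <cmath>
#include <cstdio>
#include <string>

// Code-point step between neighbours, case-insensitive; 0 means a repeat.
static int step(char a, char b) {
    return std::tolower(static_cast<unsigned char>(b)) -
           std::tolower(static_cast<unsigned char>(a));
}

// Length with every run of 3+ characters that repeat or climb/descend by one
// (e.g. "aaaa", "123456789", "cba") counted as a single character.
int effectiveLength(const std::string& pw) {
    int count = 0;
    for (std::size_t i = 0; i < pw.size();) {
        std::size_t j = i;
        int s = (i + 1 < pw.size()) ? step(pw[i], pw[i + 1]) : 2;  // 2: no neighbour
        if (s >= -1 && s <= 1)
            while (j + 1 < pw.size() && step(pw[j], pw[j + 1]) == s) ++j;
        ++count;
        i = (j - i + 1 >= 3) ? j + 1 : i + 1;  // skip the whole run, or one char
    }
    return count;
}

// Size of the alphabet implied by the character classes that are present.
int poolSize(const std::string& pw) {
    bool lower = false, upper = false, digit = false, other = false;
    for (unsigned char c : pw)
        if (std::islower(c)) lower = true;
        else if (std::isupper(c)) upper = true;
        else if (std::isdigit(c)) digit = true;
        else other = true;
    return 26 * lower + 26 * upper + 10 * digit + 33 * other;
}

// Brute-force upper bound in bits: effectiveLength * log2(poolSize).
double estimateBits(const std::string& pw) {
    return pw.empty() ? 0.0 : effectiveLength(pw) * std::log2(double(poolSize(pw)));
}

int main() {
    for (const char* pw : {"123456789", "Tr0ub4dor&3", "correcthorsebatterystaple"})
        std::printf("%-26s %6.1f bits\n", pw, estimateBits(pw));
}
```

The bound assumes characters chosen uniformly at random, so it overstates the strength of human-chosen passwords; dictionary words and common substitutions need a pattern-based estimator on top of this.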