Password strengh meter in KNewPasswordDialog

Michael Pyne mpyne at
Thu Apr 4 00:11:05 BST 2013

On Wednesday, April 03, 2013 18:47:17 Cristian Tibirna wrote:
> On Wednesday 03 April 2013 22:39:47 Rolf Eike Beer wrote:
> > Hi all,

In fairness, common dictionary words (no matter how long) have less entropy 
than you would get just from adding the letters. Each word can simply be 
considered a letter in a larger alphabet. E.g. a 4-word "long" password from 
within the 500 most common words is one of only 6.25e10 possibilities.

So I'd use dictionary words as a supplement to other means, not by itself. The 
authors of JohnTheRipper surely read XKCD just as we do. :)

> > so a password
> > containing only lowercase characters and numbers needs to be much longer
> > than one also containing specials and uppercase characters.
> Really, this whole "can be short because has mixed types of characters"
> nonsense has to die.
> There is a math theory behind password strength. There might even be
> libraries capable of measuring this properly.

Completely agreed. If anything it seems that even the idea of "password 
entropy" might not apply to any passwords that a human generates [1]. In such 
a scenario it may be best to simply correlate "password strength" loosely with 
"password length".


 - Michael Pyne
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <>

More information about the kde-core-devel mailing list