Password strength meter in KNewPasswordDialog
Michael Pyne
mpyne at kde.org
Thu Apr 4 00:11:05 BST 2013
On Wednesday, April 03, 2013 18:47:17 Cristian Tibirna wrote:
> On Wednesday 03 April 2013 22:39:47 Rolf Eike Beer wrote:
> > Hi all,
>
> http://xkcd.com/936/

In fairness, common dictionary words (no matter how long) have less entropy
than you would get just from adding the letters. Each word can simply be
considered a letter in a larger alphabet. E.g. a 4-word "long" password from
within the 500 most common words is one of only 6.25e10 possibilities.

So I'd use dictionary words as a supplement to other means, not by themselves. The
authors of JohnTheRipper surely read XKCD just as we do. :)

> > so a password
> > containing only lowercase characters and numbers needs to be much longer
> > than one also containing specials and uppercase characters.
>
> Really, this whole "can be short because has mixed types of characters"
> nonsense has to die.
>
> There is a math theory behind password strength. There might even be
> libraries capable of measuring this properly.

Completely agreed. If anything it seems that even the idea of "password
entropy" might not apply to any passwords that a human generates [1]. In such
a scenario it may be best to simply correlate "password strength" loosely with
"password length".

[1] http://reusablesec.blogspot.com/2010/10/new-paper-on-password-security-metrics.html

Regards,
- Michael Pyne
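
The "each word is a letter in a larger alphabet" argument from the message above, as an added C++ example (not code from the original message or from KDE): it compares a naive per-character estimate with one that charges a dictionary word as a single symbol. The word list, the 500-word dictionary size (taken from the message's own figure) and the character-class sizes are assumptions.

```cpp
#include <algorithm>
#include <cctype>
#include <cmath>
#include <limits>
#include <set>
#include <string>
#include <vector>

// Constructed sample list; a real meter would load a large common-words list.
static const std::set<std::string> kWords = {"correct", "horse", "battery", "staple"};
// Assumed attacker dictionary size: the 500 most common words, as in the message.
constexpr double kDictSize = 500.0;

// Alphabet size implied by the character classes present (assumed class sizes).
double charsetSize(const std::string& pw) {
    bool lower = false, upper = false, digit = false, other = false;
    for (unsigned char c : pw) {
        if (std::islower(c)) lower = true;
        else if (std::isupper(c)) upper = true;
        else if (std::isdigit(c)) digit = true;
        else other = true;
    }
    return (lower ? 26.0 : 0.0) + (upper ? 26.0 : 0.0) +
           (digit ? 10.0 : 0.0) + (other ? 33.0 : 0.0);
}

// Naive estimate: every character is an independent draw from the charset.
double naiveBits(const std::string& pw) {
    return pw.empty() ? 0.0 : pw.size() * std::log2(charsetSize(pw));
}

// Word-aware estimate: cheapest way to split the password into tokens, where a
// dictionary word costs log2(kDictSize) bits and any other character costs
// log2(charset) bits. best[i] is the cheapest cost of the first i characters.
double wordAwareBits(const std::string& pw) {
    if (pw.empty()) return 0.0;
    const double charBits = std::log2(charsetSize(pw));
    const double wordBits = std::log2(kDictSize);
    std::vector<double> best(pw.size() + 1, std::numeric_limits<double>::infinity());
    best[0] = 0.0;
    for (std::size_t i = 0; i < pw.size(); ++i) {
        best[i + 1] = std::min(best[i + 1], best[i] + charBits);
        for (std::size_t len = 2; i + len <= pw.size(); ++len)
            if (kWords.count(pw.substr(i, len)))
                best[i + len] = std::min(best[i + len], best[i] + wordBits);
    }
    return best[pw.size()];
}
```

For `correcthorsebatterystaple` the naive figure is about 117.5 bits, while the word-aware figure is about 35.9 bits, which is the 6.25e10 search space quoted in the message.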