Password strength meter in KNewPasswordDialog

Luigi Toscano luigi.toscano at tiscali.it
Wed Apr 10 13:45:59 BST 2013


On Thursday 04 of April 2013 11:52:09 Martin Sandsmark wrote:
> On Thu, Apr 04, 2013 at 01:02:21AM +0200, Luigi Toscano wrote:
> > Have you seen this?
> > https://fedorahosted.org/libpwquality/
> > https://fedoraproject.org/wiki/Features/PasswordQualityChecking
> 
> It doesn't contain any docs about how it calculates anything that I can
> find, which is a bit worrying. From looking at the code it looks very
> simplistic.

Some answers from the author (now in CC:):
<t8m> The algorithms for checking the password parameters are simple because 
the definition of the parameters is simple - the code is partially reused from 
pam_cracklib. The scoring algorithm (which is not too important) is arbitrary 
and created by adjusting outputs that were calculated by it on a small 
password dictionary.
<tosky> does it mean that the main focus is checking the password 
parameters, and that the scoring algorithm can be replaced? Or did I miss all 
the points? :)
<t8m> The algorithm that generates the password is trying to create a 
pronounceable password with defined entropy.
<t8m> Yes.
<t8m> Yes to the first question actually :)
<tosky> so, given the focus of the feature discussed (scoring the password), 
is it correct that the library is not the proper tool?
<t8m> Is the strength meter purpose to be used for system passwords?
<t8m> If so the libpwquality should be used because it will honor the system 
wide settings enforced by the PAM configuration (at least on Fedora it is so)
<tosky> the change would be in KNewPasswordDialog, which is part of KDELibs 
and used in many applications whenever a password is needed
<tosky> (or it should be used :)
[15:32:44] <t8m> ok, then using libpwquality might be slightly more 
complicated as the applications should be able to set their own preferences 
for minimum password parameters
<tosky> I see
<tosky> can I copy & paste this entire conversation?
<t8m> (which is of course possible with libpwquality, but I suppose the 
KNewPasswordDialog API doesn't allow this)
<t8m> sure

Ciao
-- 
Luigi
