Password strength meter in KNewPasswordDialog
Luigi Toscano
luigi.toscano at tiscali.it
Wed Apr 10 13:45:59 BST 2013
On Thursday 04 of April 2013 11:52:09 Martin Sandsmark wrote:
> On Thu, Apr 04, 2013 at 01:02:21AM +0200, Luigi Toscano wrote:
> > Have you seen this?
> > https://fedorahosted.org/libpwquality/
> > https://fedoraproject.org/wiki/Features/PasswordQualityChecking
>
> It doesn't contain any docs about how it calculates anything that I can
> find, which is a bit worrying. From looking at the code it looks very
> simplistic.
Some answers from the author (now in CC:):
<t8m> The algorithms for checking the password parameters are simple because
the definition of the parameters is simple - the code is partially reused from
pam_cracklib. The scoring algorithm (which is not too important) is arbitrary
and created by adjusting outputs that were calculated by it on a small
password dictionary.
<tosky> does it mean that the main focus is checking the password
parameters, and that the scoring algorithm can be replaced? Or did I miss all
the points? :)
<t8m> The algorithm that generates the password is trying to create a
pronounceable password with defined entropy.
<t8m> Yes.
<t8m> Yes to the first question actually :)
<tosky> so, given the focus of the feature discussed (scoring the password),
is it correct that the library is not the proper tool?
<t8m> Is the strength meter purpose to be used for system passwords?
<t8m> If so the libpwquality should be used because it will honor the system
wide settings enforced by the PAM configuration (at least on Fedora it is so)
<tosky> the change would be in KNewPasswordDialog, which is part of KDELibs
and used in many applications whenever a password is needed
<tosky> (or it should be used :)
[15:32:44] <t8m> ok, then using libpwquality might be slightly more
complicated as the applications should be able to set their own preferences
for minimum password parameters
<tosky> I see
<tosky> can I copy & paste this entire conversation?
<t8m> (which is of course possible with libpwquality, but I suppose the
KNewPasswordDialog API doesn't allow this)
<t8m> sure
Ciao
--
Luigi