Andy LoPresto created NIFI-1466:
-----------------------------------

             Summary: Add password strength indicator to password properties
                 Key: NIFI-1466
                 URL: https://issues.apache.org/jira/browse/NIFI-1466
             Project: Apache NiFi
          Issue Type: New Feature
          Components: Core Framework
    Affects Versions: 0.5.0
            Reporter: Andy LoPresto
            Assignee: Andy LoPresto
             Fix For: 0.6.0


In processor properties which accept a password, enforce minimum entropy limits 
and provide real-time feedback as to the entropy estimate of the password. This 
will have to be overridable (either locally or globally) for backward 
compatibility, but we should require an explicit administrator decision to do 
so. 

Password "strength meters" and other such indicators are not perfect, but they 
do provide an estimate of valuable feedback to users to encourage stronger 
passwords. 

Resources:
* [NIST & CMU Paper on observed password entropy and recommendations for user-friendly restrictions|https://www.cylab.cmu.edu/research/techreports/2011/tr_cylab11008.html]
* [J. Bonneau - Statistical metrics for individual password strength (PDF)|http://www.jbonneau.com/doc/B12-SPW-statistical_password_strength_metrics.pdf]
* [Sophos - Why you can't trust password strength meters|https://nakedsecurity.sophos.com/2015/03/02/why-you-cant-trust-password-strength-meters/]
* [zxcvbn - Dropbox Password Strength Estimator|https://blogs.dropbox.com/tech/2012/04/zxcvbn-realistic-password-strength-estimation/]



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
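
A sketch of the kind of check the ticket describes (an entropy floor, an estimate reported back to the user, and an explicit administrator override), added here as an example; it is not NiFi code or the reporter's. The class name, method names, the 60-bit floor and the `adminOverride` flag are all assumptions made for illustration.

```java
import java.util.Locale;

// Added illustration; not NiFi code. Class, method and threshold names are hypothetical.
public class PasswordEntropyCheck {
    static final double MIN_BITS = 60.0; // assumed floor, not a value from the ticket

    // Rough estimate: log2(character pool) per "effective" character.
    // Repeats and +1/-1 sequences (aaaa, 1234, cba) add no effective length.
    // Dictionary words are NOT detected, one reason such meters are imperfect.
    static double estimateBits(String pw) {
        if (pw == null || pw.isEmpty()) return 0.0;
        boolean lower = false, upper = false, digit = false, other = false;
        int effective = 0;
        for (int i = 0; i < pw.length(); i++) {
            char c = pw.charAt(i);
            if (Character.isLowerCase(c)) lower = true;
            else if (Character.isUpperCase(c)) upper = true;
            else if (Character.isDigit(c)) digit = true;
            else other = true;
            if (i == 0 || Math.abs(c - pw.charAt(i - 1)) > 1) effective++;
        }
        int pool = (lower ? 26 : 0) + (upper ? 26 : 0) + (digit ? 10 : 0) + (other ? 33 : 0);
        return effective * (Math.log(pool) / Math.log(2));
    }

    // Below the floor, accept only when an administrator has explicitly opted out.
    static String validate(String pw, boolean adminOverride) {
        double bits = estimateBits(pw);
        String est = String.format(Locale.ROOT, "~%.0f bits", bits);
        if (bits >= MIN_BITS) return "OK (" + est + ")";
        if (adminOverride) return "ACCEPTED BY OVERRIDE (" + est + " < " + MIN_BITS + ")";
        return "REJECTED (" + est + ", minimum " + MIN_BITS + ")";
    }

    public static void main(String[] args) {
        // Constructed sample inputs
        String[] samples = {"aaaaaaaaaaaa", "abcd1234", "Password1!", "t7#Qm!z0Lr&4vX"};
        for (String s : samples) {
            System.out.println(s + " -> " + validate(s, false));
        }
        System.out.println("abcd1234 -> " + validate("abcd1234", true));
    }
}
```

Because the estimator only counts character classes and simple runs, a common word with a digit and symbol appended still scores close to the floor, which is the weakness the Sophos and zxcvbn links above discuss.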
