[ https://issues.apache.org/jira/browse/NIFI-1466?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Andy LoPresto updated NIFI-1466:
--------------------------------
    Fix Version/s:     (was: 0.6.0)

> Add password strength indicator to password properties
> ------------------------------------------------------
>
>                 Key: NIFI-1466
>                 URL: https://issues.apache.org/jira/browse/NIFI-1466
>             Project: Apache NiFi
>          Issue Type: New Feature
>          Components: Core Framework
>    Affects Versions: 0.5.0
>            Reporter: Andy LoPresto
>            Assignee: Andy LoPresto
>              Labels: encryption, security
>   Original Estimate: 336h
>  Remaining Estimate: 336h
>
> In processor properties which accept a password, enforce minimum entropy 
> limits and provide real-time feedback as to the entropy estimate of the 
> password. This will have to be overridable (either locally or globally) for 
> backward compatibility, but we should require an explicit administrator 
> decision to do so. 
> Password "strength meters" and other such indicators are not perfect, but 
> they do provide an estimate of valuable feedback to users to encourage 
> stronger passwords. 
> Resources:
> * [NIST & CMU Paper on observed password entropy and recommendations for 
> user-friendly 
> restrictions|https://www.cylab.cmu.edu/research/techreports/2011/tr_cylab11008.html]
> * [J. Bonneau - Statistical metrics for individual password strength 
> (PDF)|http://www.jbonneau.com/doc/B12-SPW-statistical_password_strength_metrics.pdf]
> * [Sophos - Why you can't trust password strength 
> meters|https://nakedsecurity.sophos.com/2015/03/02/why-you-cant-trust-password-strength-meters/]
> * [zxcvbn - Dropbox Password Strength 
> Estimator|https://blogs.dropbox.com/tech/2012/04/zxcvbn-realistic-password-strength-estimation/]



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
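
One way to express the check the issue describes: an entropy estimate that can drive a real-time indicator, a minimum that is enforced, and an override that only takes effect on an explicit administrator setting. This is an added example, not code from NiFi or from the reporter; the function names, the policy fields (minBits, allowWeakPasswords), the 60-bit minimum and the sample word list are all assumptions made for illustration.

```javascript
// Added example: all names here are hypothetical, none is a NiFi API.
// Constructed sample of a guessing list; a real deployment would load a large one.
const COMMON = new Set(["password", "123456", "qwerty", "letmein", "changeme"]);

// Upper-bound estimate in bits: effective length * log2(character pool size).
// Human-chosen passwords are not uniformly random, so this overestimates.
function estimateEntropyBits(pw) {
  if (!pw || COMMON.has(pw.toLowerCase())) return 0;
  let pool = 0;
  if (/[a-z]/.test(pw)) pool += 26;
  if (/[A-Z]/.test(pw)) pool += 26;
  if (/[0-9]/.test(pw)) pool += 10;
  if (/[^a-zA-Z0-9]/.test(pw)) pool += 33; // printable ASCII symbols incl. space
  // Collapse runs so "aaaaaaaaaaaa" does not score like 12 independent letters.
  const effectiveLen = [...pw.replace(/(.)\1+/gu, "$1")].length;
  return effectiveLen * Math.log2(pool);
}

// policy.minBits: required estimate; policy.allowWeakPasswords: the override.
function checkPasswordProperty(pw, policy) {
  const bits = estimateEntropyBits(pw);
  const meetsMinimum = bits >= policy.minBits;
  // Only the literal boolean true counts, so a missing or mistyped setting
  // never disables enforcement by accident.
  const overridden = !meetsMinimum && policy.allowWeakPasswords === true;
  let message = `estimated ${Math.round(bits)} bits (minimum ${policy.minBits})`;
  if (overridden) message += "; accepted only because an administrator allowed weak passwords";
  else if (!meetsMinimum) message += "; rejected";
  return { bits: Math.round(bits), valid: meetsMinimum || overridden, overridden, message };
}

// Constructed inputs, evaluated as the user types to drive the indicator.
const strict = { minBits: 60, allowWeakPasswords: false };
for (const pw of ["password", "aaaaaaaaaaaa", "Tr0ub4dor&3", "correct horse battery staple"]) {
  console.log(JSON.stringify(pw), checkPasswordProperty(pw, strict).message);
}
```

The pool-size formula scores "Tr0ub4dor&3" at about 72 bits even though it follows a predictable substitution pattern, which is the kind of imperfection the issue acknowledges in strength meters.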
