To be more precise about the Precise Pangolin installer issue, the facts are:
1. "contraseña" is marked as "Fair", having selected a Spanish keymap and
Spanish language on the previous steps of the installer.
2. When I try an English installation (both keymap and locale), if I use the
password "password" it is marked as weak.
3. No warning is displayed other than the word at the right of the topmost
password input field.
4. There's a big green checkmark next to the bottom password input field if
both passwords match.

The word list to check against the password should match the locale
selected. The most basic thing to do is to match the field's hint (the text
that is grayed before the input) to the most insecure answer to the query.

The special characters are not the same in all languages. They should be
considered based on the locale selected for the current algorithm to be
equally valid in different languages.
English is one of the most limited languages in terms of characters. It has
no written accents or any markings on letters. Spanish has the Ñ,
Portuguese and French use the Ç. When it comes to "internationalization" of
the algorithm these rules are most important.
The word "contrasena" (n instead of ñ) does not exist in the Spanish
dictionary, therefore it should be safer than the well-spelled word,
"contraseña" (with the ñ). The same thing happens with the country name
"españa" and the nonexistent word "espana".

Some examples:
contraseña (password) = Fair
españa (country name) = Fair
password (contraseña) = Weak
london (city) = Weak
unitedkingdom (country) = Weak
unitedstatesofamerica (country) = Weak

I believe these examples must make my point clear.

About (3) and (4):
Most password check instances I've encountered during GNU/Linux system
installations did warn me if I entered a weak password, asking for
confirmation to proceed with the weak password just in case I did not
notice the "weak" value next to the password input field (view attached
images). Maybe it is not a part of the bug, but certainly a missing feature.
Also, the big green matching passwords checkmark is more noticeable than
the "weak" (débil in Spanish) word that warns about the password strength.


2012/9/3 Dmitrijs Ledkovs <launch...@surgut.co.uk>

> Can you please elaborate on the "without any alerts, or so on"?
>
> As both account settings / account password & ubiquity show password
> strengths 'Too short / Weak / Fair / Good / Strong'
>
> I do agree that the algorithms they use are not very strong, and they
> are biased against introducing characters instead of favouring length:
>
> http://xkcd.com/936/
>
> Is cryptographically true.
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1044868
>
> Title:
>   Unsecure passwords reported as acceptable as well as strong ones
>
> Status in “gnome-control-center” package in Ubuntu:
>   Triaged
> Status in “ubiquity” package in Ubuntu:
>   Confirmed
>
> Bug description:
>   When you set the password during the installation or also when you
>   change it via the gnome-control-center you can insert a weak password
>   (like "123456" or "qwerty" or "abcdef" or "password" itself) without
>   any alerts, or so on.
>
>   The suggestion is a password strength verification that includes the
>   most used passwords (like "1234" or "qwerty") and a dictionary that
>   includes the word password in every language.
>   A special attention to language like Spanish where "password" is
>   "contraseña", and where is the character "ñ" which can be recognized
>   as a special symbol.
>
> To manage notifications about this bug go to:
>
> https://bugs.launchpad.net/ubuntu/+source/gnome-control-center/+bug/1044868/+subscriptions
>


** Attachment added: "centos_installer_password.png"
   https://bugs.launchpad.net/bugs/1044868/+attachment/3294836/+files/centos_installer_password.png

** Attachment added: "ubuntu_password_ok.jpg"
   https://bugs.launchpad.net/bugs/1044868/+attachment/3294837/+files/ubuntu_password_ok.jpg

Title:
  Unsecure passwords reported as acceptable as well as strong ones

Status in “gnome-control-center” package in Ubuntu:
  Triaged
Status in “ubiquity” package in Ubuntu:
  Incomplete
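
An added example, not part of the messages above and not ubiquity's or gnome-control-center's code: a locale-aware strength check of the kind this thread asks for, using the labels quoted in the thread. The word lists, the length threshold and the scoring are constructed for illustration, and folding accents so that "contrasena" also hits the Spanish list is this example's own choice.

```python
import unicodedata

# Constructed sample lists; a real checker would load full per-locale dictionaries.
COMMON = {"123456", "1234", "qwerty", "abcdef", "password"}
WORDS = {"es": {"contraseña", "españa"},
         "en": {"password", "london", "unitedkingdom"}}
MIN_LEN = 6  # assumed threshold for "Too short"
LABELS = ["Weak", "Fair", "Good", "Strong"]

def fold(text):
    """Casefold and drop combining marks: 'contraseña' -> 'contrasena'."""
    decomposed = unicodedata.normalize("NFKD", text.casefold())
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def char_classes(password):
    """Classify by Unicode category, so 'ñ' and 'ç' are letters, not symbols."""
    classes = set()
    for c in password:
        cat = unicodedata.category(c)
        if cat.startswith("L"):
            classes.add("upper" if cat == "Lu" else "lower")
        elif cat.startswith("N"):
            classes.add("digit")
        else:
            classes.add("symbol")
    return classes

def rate(password, locale):
    """Rate a password against the common list plus the selected locale's words."""
    if len(password) < MIN_LEN:
        return "Too short"
    known = {fold(w) for w in COMMON | WORDS.get(locale, set())}
    if fold(password) in known:
        return "Weak"
    # Hypothetical scoring: length dominates, variety adds at most one step.
    score = len(password) // 6 + (len(char_classes(password)) >= 3)
    return LABELS[min(score, len(LABELS)) - 1]

if __name__ == "__main__":
    for pw, loc in [("contraseña", "es"), ("contrasena", "es"), ("password", "en"),
                    ("unitedkingdom", "en"), ("correct horse battery staple", "en")]:
        print(f"{pw!r:32} {loc}  {rate(pw, loc)}")
```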
