On Wednesday 03 April 2013, 18:47:17, Cristian Tibirna wrote:
> On Wednesday 03 April 2013 22:39:47 Rolf Eike Beer wrote:
> > Hi all,
> >
> > the current issue of (German) Linux Magazin has an article comparing some
> > GnuPG frontends. One issue discussed there is the "password strength meter"
> > that gives e.g. 25% strength indication for things like 123456789. I don't
> > know about Kleopatra, but KGpg uses KNewPasswordDialog and its strength
> > meter for this. I propose to change the algorithm used to calculate the
> > password strength to remove key sequences from the "length" calculation of
> > the password, i.e. 123 has the same length as 1. Also punish all passwords
> > harder that do not contain all types of characters,
>
> http://xkcd.com/936/
>
> > so a password
> > containing only lowercase characters and numbers needs to be much longer
> > than one also containing specials and uppercase characters.
>
> Really, this whole "can be short because has mixed types of characters"
> nonsense has to die.
Not short, just shorter. So this boils down to the question: how can we count
the bits of entropy?

> There is a math theory behind password strength. There might even be
> libraries capable of measuring this properly.
>
> IMH (non-contributor) O, we should try to reuse here.

Adding dependencies would only affect 4.11, but I guess even for that the time
may already be too short. Not that it wouldn't be a good idea for 4.12 if it's
worth the effort.

Eike
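As an added example (not code from this thread, nor KNewPasswordDialog's actual meter), here is the counting Eike proposes: collapse key sequences before measuring length, so 123456789 counts like a single character, then turn the character classes actually used into bits of entropy, which automatically demands a longer password from small pools. The sequence tables, the 64-bit target and the pool sizes are assumptions of this example.

```python
import math

# Constructed sequence tables for this example (digits, alphabet, qwerty rows);
# an assumption, not KNewPasswordDialog's data.
SEQUENCES = ("0123456789", "abcdefghijklmnopqrstuvwxyz",
             "qwertyuiop", "asdfghjkl", "zxcvbnm")

def _step(a, b):
    """+1 if b directly follows a in some sequence, -1 if it precedes it, else 0."""
    for seq in SEQUENCES:
        if a in seq and b in seq:
            d = seq.index(b) - seq.index(a)
            if d in (1, -1):
                return d
    return 0

def collapse_sequences(password, min_run=3):
    """Collapse ascending or descending runs of >= min_run characters to their
    first character, so '123456789' contributes as much length as '1'."""
    out, i, n = [], 0, len(password)
    while i < n:
        j = i
        direction = _step(password[i].lower(), password[i + 1].lower()) if i + 1 < n else 0
        while direction and j + 1 < n and \
                _step(password[j].lower(), password[j + 1].lower()) == direction:
            j += 1
        out.append(password[i])                  # keep only the run's first character
        i = j + 1 if j - i + 1 >= min_run else i + 1
    return "".join(out)

def pool_size(password):
    """Size of the alphabet implied by the character classes actually used."""
    pool = 0
    if any(c.islower() for c in password): pool += 26
    if any(c.isupper() for c in password): pool += 26
    if any(c.isdigit() for c in password): pool += 10
    if any(not c.isalnum() for c in password): pool += 33   # printable ASCII punctuation
    return pool

def entropy_bits(password):
    """Effective length (sequences collapsed) times bits per character of the pool."""
    pool = pool_size(password)
    return len(collapse_sequences(password)) * math.log2(pool) if pool else 0.0

def length_needed(pool, target_bits=64):
    """Characters a pool needs to reach target_bits: a lowercase+digit password
    (pool 36) must be longer than one drawing on all classes (pool 95)."""
    return math.ceil(target_bits / math.log2(pool))

def strength_percent(password, target_bits=64):
    """Meter reading: 100% once the estimate reaches the assumed 64-bit target."""
    return min(100, round(100 * entropy_bits(password) / target_bits))
```

With this counting 123456789 reads as roughly 3 bits (5% of the meter) instead of 25%, while a 25-character lowercase passphrase still scores full marks because its effective length, not its character mix, carries the entropy.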