https://bugzilla.wikimedia.org/show_bug.cgi?id=17604
Platonides <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[email protected]

--- Comment #8 from Platonides <[email protected]> 2009-02-24 21:35:59 UTC ---

(In reply to comment #3)
> Unrelated to this bug, but the problem I see in this extension is that it can
> be used to force to have ascii characters in passwords, which might not be
> nice for languages using other scripts.

The solution would be to replace /[0-9]/, /[A-Z]/ and /[a-z]/ regex with \p{N}, \p{Ll} and \p{N}

(In reply to comment #7)
> I think this kind of extension is really annoying, and a much better
> implementation would be to rely more on dictionaries and length.
> carnivorousstegasauroid is a lot more secure than Password1234, but the former
> would probably be banned by many simplistic password strength checkers when
> the latter would not.

Completely agree.
Perhaps instead of measuring that it contains many characters we should measure the number of possibilities on that subset.
So the first one would have 23*26 = 588 points of password strength (23 lower case letters) and the second one 12*(2*26+10) = 744 password strength points (12 uppercase, lowercase and numbers).

That could then be refined. The second one could instead be considered as 8 letters followed by 4 numbers: 8*2*26 + 4*10 = 456

The difficulties arise in determining how large is the "letters" block for non-western languages. But even if only detecting weak passwords on latin1, it could prove useful.

Another option would be using that system as a JavaScript password strength measurer.
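The point system proposed in comment #8, as an added JavaScript example that is not part of the original message or of the extension's code: it scores a password as length times character-pool size, once over the whole string and once per run of letters or digits. The function names and the pool sizes (26, 26, 10, and 32 for anything else) are assumptions, and the sizes only hold for Latin-script input.

```javascript
// Added example. Pool sizes are assumptions valid for Latin-script input only;
// \p{Ll}/\p{Lu} also match other cased scripts, whose real pools are larger.
const CLASSES = [
  { name: "lower", re: /\p{Ll}/u, pool: 26 },
  { name: "upper", re: /\p{Lu}/u, pool: 26 },
  { name: "digit", re: /\p{N}/u, pool: 10 },
];
const OTHER_POOL = 32; // assumption: punctuation, symbols, caseless letters

function classify(ch) {
  const hit = CLASSES.find((c) => c.re.test(ch));
  return hit ? hit.name : "other";
}

// Sum of the pool sizes of the given class names.
function poolSize(names) {
  let total = 0;
  for (const n of names) {
    const hit = CLASSES.find((c) => c.name === n);
    total += hit ? hit.pool : OTHER_POOL;
  }
  return total;
}

// Whole-string score: length * combined pool of every class present.
function wholeScore(password) {
  const chars = Array.from(password);
  return chars.length * poolSize(new Set(chars.map(classify)));
}

// Segmented score: split into runs of letters, digits or other characters
// and score each run against its own pool only.
function segmentedScore(password) {
  const group = (n) => (n === "lower" || n === "upper" ? "letters" : n);
  let total = 0, runLen = 0, runGroup = null, runClasses = new Set();
  for (const ch of Array.from(password)) {
    const name = classify(ch);
    if (group(name) !== runGroup) {
      total += runLen * poolSize(runClasses); // close the previous run
      runLen = 0; runGroup = group(name); runClasses = new Set();
    }
    runLen++;
    runClasses.add(name);
  }
  return total + runLen * poolSize(runClasses);
}

for (const pw of ["carnivorousstegasauroid", "Password1234"]) {
  console.log(pw, wholeScore(pw), segmentedScore(pw));
}
```

With run-based scoring the long lowercase password outranks Password1234, the reverse of the whole-string ordering.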
