https://bugzilla.wikimedia.org/show_bug.cgi?id=17604
--- Comment #9 from Aryeh Gregor <[email protected]> 2009-02-24 21:45:30 UTC --- (In reply to comment #8) > Completely agree. > > Perhaps instead of measuring that it contains many characters we should > measure > the number of possibilities on that subset > So the first one would have 23*26 = 588 points of password strength (23 lower > case letters) and the second one > 12*(2*26+10) = 744 password strength points (12 uppercase, lowercase and > numers). > > That could them refined. The second one could instead be considered as 8 > letters followed by 4 numbers: 8*2*26 + 4*10 = 456 One way I've seen it done is to say something like "Minimum length 12 characters. -1 if it contains [a-z], -1 if it contains [A-Z], -1 if it contains [0-9], -1 if it contains other printable ASCII, -2 if it contains non-ASCII", with all the minuses stacking. Then you could use a six-character password, as long as it was something like aAa1!א. This particular heuristic still discriminates against non-English languages (Chinese people need to have entire sentences as passwords?!), but it could be refined. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
