On Wednesday 03 April 2013 22:39:47 Rolf Eike Beer wrote:
> Hi all,
>
> the current issue of (German) Linux Magazin has an article comparing some
> GnuPG frontends. One issue discussed there is the "password strength meter"
> that gives e.g. 25% strength indication for things like 123456789. I don't
> know about Kleopatra, but KGpg uses KNewPasswordDialog and its strength
> meter for this. I propose to change the algorithm used to calculate the
> password strength to remove key sequences from the "length" calculation of
> the password, i.e. 123 has the same length as 1. Also punish all passwords
> harder that do not contain all types of characters,

http://xkcd.com/936/

> so a password
> containing only lowercase characters and numbers needs to be much longer
> than one also containing specials and uppercase characters.

Really, this whole "can be short because has mixed types of characters"
nonsense has to die. There is a math theory behind password strength. There
might even be libraries capable of measuring this properly. IMH
(non-contributor) O, we should try to reuse here.

-- 
Cristian Tibirna
KDE developer .. [email protected] .. http://www.kde.org
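The two positions in this message can be compared in a few lines of code. The following is an added example, not part of the original e-mail and not code from KGpg or KNewPasswordDialog: it collapses character runs so that 123 counts the same as 1, then multiplies the remaining length by the bits per character of the pool in use. The function names are hypothetical, "key sequences" is assumed to mean runs of adjacent or repeated code points, and the pool-size estimate is a deliberately naive model.

```python
import math
import string

# Assumed character classes; characters outside them are ignored by pool_size().
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def effective_length(password: str) -> int:
    """Length with every run such as 123, cba or aaa counted as one character."""
    if not password:
        return 0
    length = 1
    step = None  # direction of the current run: -1, 0 or +1; None if no run yet
    for prev, cur in zip(password, password[1:]):
        delta = ord(cur) - ord(prev)
        if delta in (-1, 0, 1) and (step is None or delta == step):
            step = delta      # run continues, adds nothing to the length
        else:
            length += 1       # run broken, this character counts
            step = None
    return length


def pool_size(password: str) -> int:
    """Size of the union of the character classes the password draws from."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def estimated_bits(password: str) -> float:
    """Naive estimate: effective length times log2 of the pool size."""
    pool = pool_size(password)
    if pool == 0:
        return 0.0
    return effective_length(password) * math.log2(pool)


if __name__ == "__main__":
    # Constructed sample inputs: the sequence from the quoted mail and the
    # two passwords used in the linked xkcd comic.
    for pw in ("123456789", "Tr0ub4dor&3", "correcthorsebatterystaple"):
        print(f"{pw!r}: effective length {effective_length(pw)}, "
              f"about {estimated_bits(pw):.1f} bits")
```

Even under this simple model the all-lowercase passphrase scores higher than the shorter mixed-class password, so length contributes more than an extra penalty for missing character classes would suggest.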
