Lists

Terms and Conditions
Lists hosted on this site
Email the Postmaster
Tips for posting to public mailing lists

Re: A password strength checker

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A password strength checker

Subject: Re: A password strength checker
From: Jim Turner <email@hidden>
Date: Mon, 11 Jan 2010 10:12:51 -0600

Awesome find, Howard. I've needed a password strength algorithm in the
past and never could find one.  Plus, the strength computed by the
Password Assistant is questionable at best.  Given a password of
'aaaaaaaaaaaaaaaaaaaa' (20 lowercase 'a'), the assistant scores it
about a 20%. Add one more 'a' though and it jumps to 80%. I'm not sure
how that one extra 'a'  is worth a 60% increase in strength. I'd be
nice if their implementation was a bit more open for examination.

The algorithm used by KeePass, however, scores both a 20-character 'a'
and 21-character 'a' password as 10 (with 0 being no password or a
worthless password). Seems more accurate.

If anyone's interested in it, I wrote a Cocoa version of their
implementation. I'd be happy to make it available.

Jim

On Thu, Jan 7, 2010 at 2:32 PM, Howard Siegel <email@hidden> wrote:
> Have a look at the source code for KeePass Password Safe (
> http://keepass.info/).  It has a password generator and strength
> computation. Version 1.x is written in C++ for MS Windows (using MFC).
> Version 2.x is a rewrite in C# for .NET.
>
> It has been ported as KeyPassX for Mac OS X and Linux.
>
> - h
>
> On Thu, Jan 7, 2010 at 11:51, Martin Hewitson <email@hidden>wrote:
>
>> Dear list,
>>
>> Is anybody aware of a reasonable algorithm or some code that can be used to
>> test/check the strength of a password? I'd like to give a kind of score or a
>> color (red,yellow,green). I've looked at cracklib, but that doesn't give a
>> score, really.
>>
>> Best wishes,
>>
>> Martin
>>
>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> Martin Hewitson
>> Albert-Einstein-Institut
>> Max-Planck-Institut fuer
>>    Gravitationsphysik und Universitaet Hannover
>> Callinstr. 38, 30167 Hannover, Germany
>> Tel: +49-511-762-17121, Fax: +49-511-762-5861
>> E-Mail: email@hidden
>> WWW: http://www.aei.mpg.de/~hewitson <http://www.aei.mpg.de/~hewitson>
>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>
>>
>>
>>
>>
>> _______________________________________________
>>
>> Cocoa-dev mailing list (email@hidden)
>>
>> Please do not post admin requests or moderator comments to the list.
>> Contact the moderators at cocoa-dev-admins(at)lists.apple.com
>>
>> Help/Unsubscribe/Update your Subscription:
>>
>> This email sent to email@hidden
>>
> _______________________________________________
>
> Cocoa-dev mailing list (email@hidden)
>
> Please do not post admin requests or moderator comments to the list.
> Contact the moderators at cocoa-dev-admins(at)lists.apple.com
>
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
>
_______________________________________________

Cocoa-dev mailing list (email@hidden)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden

Follow-Ups:
- Re: A password strength checker
  - From: Howard Siegel <email@hidden>

References:
	>A password strength checker (From: Martin Hewitson <email@hidden>)
	>Re: A password strength checker (From: Howard Siegel <email@hidden>)

Prev by Date: Re: if statement causing 32 Byte leak?
Next by Date: Re: Differentiate FAT16 and FAT32
Previous by thread: Re: A password strength checker
Next by thread: Re: A password strength checker
Index(es):
- Date
- Thread