Rate password complexity level #7

Open
johana-star opened this issue Aug 6, 2012 · 2 comments

Comments

@johana-star
Owner

No description provided.

@johana-star
Owner Author

Once implemented, we can use this to:
A) Provide users a quick gauge of how effective the password might be
B) Automatically reject passwords below a complexity threshold.

@heartpunk

I vote for a different approach to this. The main risk is having too short a password, so we should limit either minimum word length, or minimum password length. Past that risk, the concern is whether you're using enough words for the value of the information being protected. I propose a breakdown of, not complexity, but difficulty of cracking using a character by character brute forcer, as well as by using a brute forcer specific to the values used by this project. We could provide a pretty realistic estimate of the actual cost of brute forcing the password using current EC2 rates, too, and that'd be kinda cool.
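An added sketch of the rating proposed in the comment above; it is not code from this project or from either participant. It assumes lowercase-only words, and the function names, word list size, guess rate and hourly price are all hypothetical inputs supplied by the caller, not real EC2 figures.

```python
import math

def char_keyspace(length, alphabet_size=26):
    """Candidates a character-by-character brute forcer tries up to `length`.
    Assumes a lowercase-only alphabet unless told otherwise."""
    return sum(alphabet_size ** k for k in range(1, length + 1))

def word_keyspace(word_count, wordlist_size):
    """Candidates tried by a brute forcer that knows the generator's word list."""
    return wordlist_size ** word_count

def rate_passphrase(words, wordlist_size, guesses_per_sec, usd_per_hour,
                    min_length=12):
    """Rate a generated passphrase by whichever attack is cheaper."""
    password = "".join(words)
    # Enforce the minimum password length before estimating anything.
    if len(password) < min_length:
        return {"accepted": False, "reason": "below minimum password length"}
    spaces = {
        "characters": char_keyspace(len(password)),
        "wordlist": word_keyspace(len(words), wordlist_size),
    }
    # The attacker picks the smaller search space.
    strategy = min(spaces, key=spaces.get)
    # On average the password is found after searching half the space.
    expected_guesses = spaces[strategy] / 2
    hours = expected_guesses / guesses_per_sec / 3600
    return {
        "accepted": True,
        "strategy": strategy,
        "bits": math.log2(spaces[strategy]),
        "expected_usd": hours * usd_per_hour,
    }

if __name__ == "__main__":
    # Constructed inputs: 2048-word list, 1e9 guesses/s at 1.00 USD/hour
    # (placeholder rate and price, to be replaced with measured values).
    long_words = ["correct", "horse", "battery", "staple"]
    short_words = ["ab", "cd", "ef", "gh", "ij", "kl"]
    print(rate_passphrase(long_words, 2048, 1e9, 1.00))
    print(rate_passphrase(short_words, 7776, 1e9, 1.00))
    print(rate_passphrase(["a", "b"], 2048, 1e9, 1.00))
```

With very short words the character-by-character attack becomes the cheaper one even when the word count is high, which is the case the minimum word length is meant to exclude.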
