don't warn about password too simple when it's clearly not, use new mechanism for pw strength indicator
Reported by steve | February 7th, 2018 @ 02:30 PM | in 1.4.5 (closed)
Testing some stuff in GPG Keychain I created a key with the following password:
this is a random password with spaces and umlauten äöü and umlauten ä with ü spaces ü oh and it is also reaaaaaalllllllllyyyyy looooonnnnngggg_.,., ´`´` and has a few special characters like ˚ and £££££
GPG Keychain warns about "Password too simple". This is clearly not the case. Unsure which rule is not met. Maybe that no numbers are included. But as we all know longer passwords are more secure than short password containing a single special character and a single number.
These warnings may be coming from gnupg in which case we should file a ticket with them.
Comments and changes to this ticket
-
steve May 9th, 2018 @ 01:46 PM
Test Results GK Password Strength.7z
- make color indicator thinner
- can color changes have a soft transition?
- make changes more liniar and stretch over a longer period of number of characters
- when only filling password (and leaving confirm field blank) and clicking "Create Key" a warning about weak password is shown (expected: first the confirm field should be filled. this would be solved by greying out Create key until all fields are filled
off-tocic notes regarding the new key dialog
- grey out "Create Key" until all required fields have been filled
- Create new key pair -> Create new key (dialog title)
number of characters, color
0 D45A57 (show small portion of red indicator)
1 D45A57
2 D45A57
3 D45A57
4 D45A57
5 D6685B
6 D67360
7 DC8059
8 D7905A
9 DD9D56
10 D6A65A
11 D7B15E
12 D6BB64
13 D8C658
14 DAD256
15 D3D75E
16 CDD767
17 C3DA54
18 B9D861
19 ACDB59
20 A2D959
21 9BD95E
22 93DB55
23 -34 93DB55Besides number of characters the strength indicator jumps 2 instead of one step when using any of the following for the first time: special character, number, capital letter. Additional numbers, caps, special chars increase the pw strength just one step.
-
Support July 4th, 2018 @ 09:45 AM
- State changed from “new” to “fixed”
- Assigned user set to “Mento”
- Milestone set to “1.4.5”
(from [0a25cc0c0d6c44049ab357402e603f03ac7c363f]) Show a password strength indicator when creating a new key.
Better calulate the real password strength.
[#442 state:fixed assigned:mento milestone:1.4.5] [NEW] https://github.com/GPGTools/GPGKeychainAccess/commit/0a25cc0c0d6c44... -
Support July 4th, 2018 @ 11:43 AM
(from [cd046887b5d2ad4c7854f4ce91e80a5a41d1e7d8]) Show a password strength indicator when creating a new key.
Better calulate the real password strength.
[#442 state:fixed assigned:mento milestone:1.4.5] [NEW] https://github.com/GPGTools/GPGKeychainAccess/commit/cd046887b5d2ad... -
steve July 4th, 2018 @ 12:04 PM
- State changed from “fixed” to “verified”
macOS 10.13.5
GPG Suite 2242n
verified -
steve September 15th, 2018 @ 03:55 PM
- Title changed from “don't warn about password too simple when it's clearly not” to “don't warn about password too simple when it's clearly not, use new mechanism for pw strength indicator”
-
steve September 26th, 2018 @ 10:56 AM
- State changed from “verified” to “released”
Please Sign in or create a free account to add a new ticket.
With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.
Create new ticket
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป
Luke Le
Mento
steve