#442 new
steve

don't warn about password too simple when it's clearly not

Reported by steve | February 7th, 2018 @ 02:30 PM

Testing some stuff in GPG Keychain I created a key with the following password:

this is a random password with spaces and umlauten äöü and umlauten ä with ü spaces ü oh and it is also reaaaaaalllllllllyyyyy looooonnnnngggg_.,., ´`´` and has a few special characters like ˚ and £££££

GPG Keychain warns about "Password too simple". This is clearly not the case. Unsure which rule is not met. Maybe that no numbers are included. But as we all know longer passwords are more secure than short password containing a single special character and a single number.

These warnings may be coming from gnupg in which case we should file a ticket with them.

Comments and changes to this ticket

  • steve

    steve May 9th, 2018 @ 01:46 PM

    Test Results GK Password Strength.7z

    • make color indicator thinner
    • can color changes have a soft transition?
    • make changes more liniar and stretch over a longer period of number of characters
    • when only filling password (and leaving confirm field blank) and clicking "Create Key" a warning about weak password is shown (expected: first the confirm field should be filled. this would be solved by greying out Create key until all fields are filled

    off-tocic notes regarding the new key dialog

    • grey out "Create Key" until all required fields have been filled
    • Create new key pair -> Create new key (dialog title)

    number of characters, color

    0 D45A57 (show small portion of red indicator)
    1 D45A57
    2 D45A57
    3 D45A57
    4 D45A57
    5 D6685B
    6 D67360
    7 DC8059
    8 D7905A
    9 DD9D56
    10 D6A65A
    11 D7B15E
    12 D6BB64
    13 D8C658
    14 DAD256
    15 D3D75E
    16 CDD767
    17 C3DA54
    18 B9D861
    19 ACDB59
    20 A2D959
    21 9BD95E
    22 93DB55
    23 -34 93DB55

    Besides number of characters the strength indicator jumps 2 instead of one step when using any of the following for the first time: special character, number, capital letter. Additional numbers, caps, special chars increase the pw strength just one step.

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป

Shared Ticket Bins

People watching this ticket

Pages