Opened 9 years ago
Closed 9 years ago
#32411 closed enhancement (invalid)
Password Strengh giving "strong" for a bad password
Reported by: | juliobox | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 4.3 |
Component: | Security | Keywords: | |
Focuses: | Cc: |
Description
Hello folks,
I was testing some password patterns and i found one kind of password that triggers the "strong" result, but, i think, not really being secure.
The password is :
b. .
(space space b dot space space dot). Yes, i'm weird testing this ;)
"b" can't be "a" but can be "x", Some spaces can be "-" etc
Only 7 chars, only 4 differents, no caps, 2 times 2 same chars.
If i relay (a little) on http://howsecureismypassword.net this password will be cracked by BF attacks in 0.05sec
Maybe the pasword strengh algorythm has to be checked?
Thanks you
Change History (4)
#2
@
9 years ago
This should probably be reported upstream at https://github.com/dropbox/zxcvbn.
Related: #28910.
Note: See
TracTickets for help on using
tickets.
You can also test :
6 chars, still strong