[Bug 1044868] Re: Ubuntu should encourage stronger passwords using stronger algorithms, note i18n issues

Fri Sep 7 01:34:58 UTC 2012

Thank you for taking the time to make Ubuntu better. Since what you
submitted is not really a bug, or a problem, but rather an idea to
improve Ubuntu, you are invited to post your idea in Ubuntu Brainstorm
at http://brainstorm.ubuntu.com/ where it can be discussed, voted by the
community and reviewed by developers. Thanks for taking the time to
share your opinion!

Individual packages do not have capacity to each develop their own
algorithms, a strong / good library should be created or chosen out of
multiple implementations and integrated in many packages: ubiquity &
gnome-control-centre is just two of many places where users create a
passwords. Therefore this will required deeper thought and better
integration, given the high requirements, full i18n awareness is hard to
achieve pragmatically.

As a rule of thumb concatenated short sentance (15 characters of more)
will always be stronger than random / shorter strings.

And there will always be an easy password as perceived by the human, yet
marked as hard by an algorithm.

We do not want it to be impossible to achieve "fair/good/strong"
passwords. As it is merely an indication that a user is on the right
track to a strong password, not an approval.

There are many installations and context where a strong password is not
needed, nor desired by design. E.g. cloud images have passwordless
accounts & passwordless root. Because access to those machines is locked
down via public-key ssh connections. There is no way to know what
authentication context will be used and what is the full security model.
One password will not protect you.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to ubiquity in Ubuntu.
https://bugs.launchpad.net/bugs/1044868

Title:
  Ubuntu should encourage stronger passwords using stronger algorithms,
  note i18n issues

Status in “gnome-control-center” package in Ubuntu:
  Won't Fix
Status in “ubiquity” package in Ubuntu:
  Won't Fix

Bug description:
  When you set the password during the installation or also when you
  change it via the gnome-control-center you can insert a weak password
  (like "123456" or "qwerty" or "abcdef" or "password" itself) without
  any alerts, or so on.

  The suggestion is a password strength verification that includes the most used passwords (like "1234" or "qwerty") and a dictionary that includes the word password in every language.
  A special attention to language like Spanish where "password" is "contraseña", and where is the character "ñ" which can be recognize as a special symbol.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnome-control-center/+bug/1044868/+subscriptions