Bug 204661
Summary: | esc password strength algorithm seems a little off | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 5 | Reporter: | Ray Strode [halfline] <rstrode> |
Component: | esc | Assignee: | Jack Magne <jmagne> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 5.0 | CC: | blord, ckannan, rrelyea |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | RHEL5.0NACK | ||
Fixed In Version: | RHBA-2007-0634 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2007-11-07 16:57:42 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 202042 |
Description
Ray Strode [halfline]
2006-08-30 17:51:28 UTC
Do you get the same number of blocks in Firefox's master password panel? Well, firefox uses a different type of indicator (a progress bar instead of little blocks), but in firefox it only goes half way (which is still pretty generous I think for a 4 character password composed of only one repeated digit). With ESC it does 4 out 6 blocks, so that's 2/3 of the way I guess. I will check to see if I'm even being more generous with the blinking lights than the algorithm is actually asking for. Issue addressed in Rawhide build esc-1.0.0-15 when available. The algorithm is unchanged but was able to tweak how the algorithm's output is mapped to the actual graphic display. 0000 -> 3/6 blocks 00000 -> 4/6 blocks 000000 -> 5/6 blocks Is this what we want ? (In reply to comment #6) > 0000 -> 3/6 blocks > 00000 -> 4/6 blocks > 000000 -> 5/6 blocks > > Is this what we want ? If adding more "zeroes" gets you to 5/6, then NO this is broken behavior. Please review the work we did in Firefox's password manager to see how it should be done. I didn't think so but wanted other folks input before failing this test. I retested against the 20061012.2 candidate ... REOPENing - FAILS_QA This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux major release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Major release. This request is not yet committed for inclusion. This bug was proposed for RHEL 5, but wasn't resolved in time. I am proposing this issue to RHEL 5.1. This bug was proposed for RHEL 5, but wasn't resolved in time. devel_ack+ for RHEL 5.1. Locally have changed the password dialog to show the standard progress bar as in Mozilla. Unfortunately we will lose the attractive graphics. Having done a few tests, the readout corresponds nicely to what is shown in Mozilla when changing the master password. Fixed in esc-1.0.0-21.el5 . Test: 1. Bring up the Smart Card Manager Window. 2. Insert an enrolled token. 3. Select the "Reset PIN" button, which brings up the password dialog. 4. Observe the performance of the password strength meter and compare it to the similar dialog in Firefox used to set the master password. Verified on x86_64. rhel5u1. snapshot#2. meter works the same way as the meter in firefox does ... Tried some passwords like these... aaaaaaaaaaaaaaa 1111111111111111 asdas098d09asd890as8d9sa789das asdfaskjnkmnkljasdlksajdlkjlasdkj;a asdhasdkjasd6sd76sd6s5d6d6askmnd 2lj4lk23j 4k4 234k23 j4k4 2344 jk23 @$@#$@#$@#$@#$@#$@#^%$&%^&%^&%^&%^ 000000000000 0000000000 00000 000 0 An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2007-0634.html |