Bug 204661 - esc password strength algorithm seems a little off
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: esc
5.0
All Linux
medium Severity medium
Assigned To: Jack Magne
RHEL5.0NACK
Blocks: 202042
Reported: 2006-08-30 13:51 EDT by Ray Strode [halfline]
Modified: 2007-11-30 17:07 EST (History)
Fixed In Version: RHBA-2007-0634
Doc Type: Bug Fix
Last Closed: 2007-11-07 11:57:42 EST

Description Ray Strode [halfline] 2006-08-30 13:51:28 EDT
My smart card password is currently "0000".  This gets way more blocks in the
strength meter than it probably should.
Comment 1 Bob Lord 2006-08-30 16:11:45 EDT
Do you get the same number of blocks in Firefox's master password panel?
Comment 2 Ray Strode [halfline] 2006-08-30 17:46:16 EDT
Well, firefox uses a different type of indicator (a progress bar instead of
little blocks), but in firefox it only goes half way (which is still pretty
generous I think for a 4 character password composed of only one repeated digit).

With ESC it does 4 out of 6 blocks, so that's 2/3 of the way I guess.
Comment 3 Jack Magne 2006-08-31 01:11:51 EDT
I will check to see if I'm even being more generous with the blinking lights
than the algorithm is actually asking for.
Comment 5 Jack Magne 2006-09-24 13:04:14 EDT
Issue addressed in Rawhide build esc-1.0.0-15 when available. The algorithm is
unchanged but I was able to tweak how the algorithm's output is mapped to the
actual graphic display.
Comment 6 Orla Hegarty 2006-10-16 20:24:04 EDT
0000 -> 3/6 blocks
00000 -> 4/6 blocks
000000 -> 5/6 blocks

Is this what we want?
Comment 7 Bob Lord 2006-10-17 12:32:23 EDT
(In reply to comment #6)
> 0000 -> 3/6 blocks
> 00000 -> 4/6 blocks
> 000000 -> 5/6 blocks
> 
> Is this what we want?

If adding more "zeroes" gets you to 5/6, then NO this is broken behavior. 
Please review the work we did in Firefox's password manager to see how it should
be done.

Comment 8 Orla Hegarty 2006-10-17 16:30:58 EDT
I didn't think so but wanted other folks' input before failing this test.

I retested against the 20061012.2 candidate ...
REOPENing - FAILS_QA
Comment 9 RHEL Product and Program Management 2006-11-20 17:00:29 EST
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux major release.  Product Management has requested further
review of this request by Red Hat Engineering, for potential inclusion in a Red
Hat Enterprise Linux Major release.  This request is not yet committed for
inclusion.
Comment 10 Benjamin Kahn 2007-01-04 14:57:11 EST
This bug was proposed for RHEL 5, but wasn't resolved in time.
    I am proposing this issue to RHEL 5.1.
Comment 11 Bob Lord 2007-03-28 13:21:05 EDT
This bug was proposed for RHEL 5, but wasn't resolved in time.
    devel_ack+ for RHEL 5.1.
Comment 12 Jack Magne 2007-04-13 14:32:37 EDT
Locally have changed the password dialog to show the standard progress bar as in
Mozilla. Unfortunately we will lose the attractive graphics. Having done a few
tests, the readout corresponds nicely to what is shown in Mozilla when changing
the master password.
Comment 13 Jack Magne 2007-04-18 20:54:30 EDT
Fixed in esc-1.0.0-21.el5 .
Comment 15 Jack Magne 2007-06-27 19:22:31 EDT
Test:

1. Bring up the Smart Card Manager Window.
2. Insert an enrolled token.
3. Select the "Reset PIN" button, which brings up the password dialog.
4. Observe the performance of the password strength meter and compare it to the
similar dialog in Firefox used to set the master password.
Comment 17 Chandrasekar Kannan 2007-08-23 15:02:20 EDT
Verified on x86_64. rhel5u1. snapshot#2.

meter works the same way as the meter in firefox does ...
Tried some passwords like these...
aaaaaaaaaaaaaaa
1111111111111111
asdas098d09asd890as8d9sa789das
asdfaskjnkmnkljasdlksajdlkjlasdkj;a
asdhasdkjasd6sd76sd6s5d6d6askmnd
2lj4lk23j 4k4 234k23 j4k4 2344 jk23
@$@#$@#$@#$@#$@#$@#^%$&%^&%^&%^&%^
000000000000
0000000000
00000
000
0
Comment 19 errata-xmlrpc 2007-11-07 11:57:42 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2007-0634.html
