#678 Non-repeating characters in passwords

closed
nobody
None
5
2012-11-25
2012-07-29
Anonymous
No

I originally posted this in the wrong section, and I wasn't very clear. My bad! Here is my second attempt:

Add an option to the Manage > Options > Password Policy tab:

[__] Permit repeating characters... (up to _)

This would be a configurable option with the default being 1. If this were enabled and set to 1, it would prevent the password "5657" because it uses the number 5 more than once. I use long random passwords and when generated automatically, I tend to get repeating characters, which can be considered less secure when trying to brute force passwords. When this happens, I have to go back and manually edit the generated password to remove repeating characters. Call me anal, but I like really secure passwords.

Many security policies prohibit consecutive characters (123, ABC, etc.) or multiple repeating characters (JJJJJ, etc.), however it appears that the Password Safe password generator doesn't generate passwords like this anyways. Very nice work, BTW.

Thanks for the awesome application!

Discussion

  • Comment has been marked as spam. 
    Undo

    You can see all pending comments posted by this user  here

    Anonymous - 2012-07-29

    On second thought, that would probably make more sense as:

    [__] LIMIT repeating characters... (up to _)

     
    Last edit: Anonymous 2014-03-23
  • Comment has been marked as spam. 
    Undo

    You can see all pending comments posted by this user  here

    Anonymous - 2012-07-29

    Jeez, looks like I posted it twice before this. Sorry about that!!!

    The more complex the password, the more difficult it is to crack using brute force methods and cryptanalysis. You could argue that this could limit the number of password combinations available, which would be true, but this does not weaken the password generated, it makes it stronger. If I can choose from the entire alphabet, upper & lower case, numbers, and alpha-numerics, it is not that difficult to create many unique and very secure passwords without repeating characters.

     
  • Rony Shapiro

    Rony Shapiro - 2012-07-29

    To elaborate on the post that Fernando referred to:

    Allowing repeating characters strengthens rather than weakens the password, as it increases the number of combinations that an attacker needs to try.

    This is easiest to see with a trivial example. Consider a 3 letter password, where each 'letter' is a digit, 1, 2, or 3.

    With repetitions, we have 333 = 27 combinations.
    If we disallow repetitions, we have only 6 combinations (!).

    Same principle (but larger numbers) applies for longer passwords with a larger set of letters.

    Rony

     
  • Rony Shapiro

    Rony Shapiro - 2012-11-25
    • status: pending --> closed
    • milestone: --> Next_Release_(example)
     

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks