[Bug 1044868] Re: Ubuntu should encourage stronger passwords using stronger algorithms, note i18n issues
This release of Ubuntu is no longer receiving maintenance updates. If this is still an issue on a maintained version of Ubuntu please let us know. ** Changed in: ubiquity (Ubuntu) Status: Triaged => Incomplete -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gnome-control-center in Ubuntu. https://bugs.launchpad.net/bugs/1044868 Title: Ubuntu should encourage stronger passwords using stronger algorithms, note i18n issues To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-control-center/+bug/1044868/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1044868] Re: Ubuntu should encourage stronger passwords using stronger algorithms, note i18n issues
Thanks for the update Gunnar. -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gnome-control-center in Ubuntu. https://bugs.launchpad.net/bugs/1044868 Title: Ubuntu should encourage stronger passwords using stronger algorithms, note i18n issues To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-control-center/+bug/1044868/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1044868] Re: Ubuntu should encourage stronger passwords using stronger algorithms, note i18n issues
Yes, the password check in the installer is still not in sync with the check in g-c-c. ** Changed in: ubiquity (Ubuntu) Status: Incomplete => Triaged -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gnome-control-center in Ubuntu. https://bugs.launchpad.net/bugs/1044868 Title: Ubuntu should encourage stronger passwords using stronger algorithms, note i18n issues To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-control-center/+bug/1044868/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1044868] Re: Ubuntu should encourage stronger passwords using stronger algorithms, note i18n issues
On 2012-11-24 03:56, Jeremy Bicha wrote: This is fixed with gnome-control-center 3.6.3 which has been uploaded to raring for Ubuntu 13.04. You can't set 123456 as your password via System Settings. I'm reopening the ubiquity task as ubiquity should be updated to use libpwquality. It's frustrating that it's possible to set a very easy password when installing Ubuntu but you can't set that password via System Settings. Personally I'd prefer a slightly different solution. _Encouraging_ strong passwords, as the bug summary says, is excellent; making strong passwords _mandatory_ is not. Ideally there should be an option for admins to decide the level of security by selecting either recommended or mandatory. Probably a suitable topic for an upstream bug... -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gnome-control-center in Ubuntu. https://bugs.launchpad.net/bugs/1044868 Title: Ubuntu should encourage stronger passwords using stronger algorithms, note i18n issues To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-control-center/+bug/1044868/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1044868] Re: Ubuntu should encourage stronger passwords using stronger algorithms, note i18n issues
Here's the bug to allow overriding the strong password check: https://bugzilla.gnome.org/show_bug.cgi?id=688315 I still think ubiquity should use the same library for password strength checking (python-pwquality). Also, contraseña is a valid password because it's 9 characters long; passwords is also valid. cracklib, the underlying library, can use wordlists. ** Bug watch added: GNOME Bug Tracker #688315 https://bugzilla.gnome.org/show_bug.cgi?id=688315 -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gnome-control-center in Ubuntu. https://bugs.launchpad.net/bugs/1044868 Title: Ubuntu should encourage stronger passwords using stronger algorithms, note i18n issues To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-control-center/+bug/1044868/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1044868] Re: Ubuntu should encourage stronger passwords using stronger algorithms, note i18n issues
On 2012-11-24 22:38, Jeremy Bicha wrote: Here's the bug to allow overriding the strong password check: https://bugzilla.gnome.org/show_bug.cgi?id=688315 So it was already written. Thanks! I'll add a comment saying that I support it. Hopefully it will make Matthias happy, so he supports my proposal at https://bugzilla.gnome.org/show_bug.cgi?id=687945. ;-) I still think ubiquity should use the same library for password strength checking (python-pwquality). Agreed. A better algorithm does not preclude an option for admins to decide whether it's mandatory to comply with it, right? ** Bug watch added: GNOME Bug Tracker #687945 https://bugzilla.gnome.org/show_bug.cgi?id=687945 -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gnome-control-center in Ubuntu. https://bugs.launchpad.net/bugs/1044868 Title: Ubuntu should encourage stronger passwords using stronger algorithms, note i18n issues To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-control-center/+bug/1044868/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1044868] Re: Ubuntu should encourage stronger passwords using stronger algorithms, note i18n issues
This is fixed with gnome-control-center 3.6.3 which has been uploaded to raring for Ubuntu 13.04. You can't set 123456 as your password via System Settings. I'm reopening the ubiquity task as ubiquity should be updated to use libpwquality. It's frustrating that it's possible to set a very easy password when installing Ubuntu but you can't set that password via System Settings. ** Changed in: gnome-control-center (Ubuntu) Status: Triaged = Fix Released ** Changed in: ubiquity (Ubuntu) Status: Won't Fix = Triaged -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gnome-control-center in Ubuntu. https://bugs.launchpad.net/bugs/1044868 Title: Ubuntu should encourage stronger passwords using stronger algorithms, note i18n issues To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-control-center/+bug/1044868/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1044868] Re: Ubuntu should encourage stronger passwords using stronger algorithms, note i18n issues
reinodeespana = Weak (miss spelled) reinodeespaña = Fair (spelled properly) it's the Ñ, witch is NOT a special character in any es_ locale. republiquefrancaise = Weak (miss spelled) républiquefrançaise = Good (spelled properly) the é and the ç add extra strength, thought it's how french people write it. Having in mind that the only access the password provides in a default installation is with physical access to the machine, not by a random internet bot or virus, how is that stronger when it's spelled correctly? (according to the declared locale/country/keymap) -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gnome-control-center in Ubuntu. https://bugs.launchpad.net/bugs/1044868 Title: Ubuntu should encourage stronger passwords using stronger algorithms, note i18n issues To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-control-center/+bug/1044868/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1044868] Re: Ubuntu should encourage stronger passwords using stronger algorithms, note i18n issues
Most of those words are already on the installation media. The country names, being the most basic are obviously there since I have to choose it on previous steps. The most important thing is that special characters should be based on the keymap and/or the selected locale. Being ambiguous, like dns that accept ñ as n, ç as c, should solve the part were españa is not treated as a word but as espa(special character N)a. Keep in mind that In most countries english is not the local language. If the last impression, prior to the use of the installed system is my password is ridiculously weak and it's accepted as fair without a warning does not look secure enough. And it's misleading to have a strength check that does not respond to rules relative to the language, keymap and country declared before. However simple and inconclusive the verification is, it should behave the same way for every condition provided. I remark the country name because it's prompted, even auto-selected with geoip with internet connection, before the password is entered. That check is obviously done with the unitedkingdom and unitedstatesofamerica. -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gnome-control-center in Ubuntu. https://bugs.launchpad.net/bugs/1044868 Title: Ubuntu should encourage stronger passwords using stronger algorithms, note i18n issues To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-control-center/+bug/1044868/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1044868] Re: Ubuntu should encourage stronger passwords using stronger algorithms, note i18n issues
Some country names are, but not all. Converting to ascii is not that easy, think about arabic languages. I am confused about your remark about unitedkingdon and unitedstatesofamerica, we use geonames database which has comprehensive official, alternative and local/slang names of cities/towns/locations. It is not specific to UK nor USA. The database quality does vary from country to country. However simple and inconclusive the verification is, it should behave the same way for every condition provided. Both halfs of this statement contradict each other. It currently is simple and inconclusive. It is not meant to be comprehensive and cover every possible condition. This is out of scope for ubiquity project by it self and should be implemented externally. Do you know a library that provides such comprehensive functionality and calculates passwords strengths based on localised hints? ** Changed in: ubiquity (Ubuntu) Status: Triaged = Won't Fix ** Changed in: gnome-control-center (Ubuntu) Status: Triaged = Won't Fix -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gnome-control-center in Ubuntu. https://bugs.launchpad.net/bugs/1044868 Title: Ubuntu should encourage stronger passwords using stronger algorithms, note i18n issues To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-control-center/+bug/1044868/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1044868] Re: Ubuntu should encourage stronger passwords using stronger algorithms, note i18n issues
Thank you for taking the time to make Ubuntu better. Since what you submitted is not really a bug, or a problem, but rather an idea to improve Ubuntu, you are invited to post your idea in Ubuntu Brainstorm at http://brainstorm.ubuntu.com/ where it can be discussed, voted by the community and reviewed by developers. Thanks for taking the time to share your opinion! Individual packages do not have capacity to each develop their own algorithms, a strong / good library should be created or chosen out of multiple implementations and integrated in many packages: ubiquity gnome-control-centre is just two of many places where users create a passwords. Therefore this will required deeper thought and better integration, given the high requirements, full i18n awareness is hard to achieve pragmatically. As a rule of thumb concatenated short sentance (15 characters of more) will always be stronger than random / shorter strings. And there will always be an easy password as perceived by the human, yet marked as hard by an algorithm. We do not want it to be impossible to achieve fair/good/strong passwords. As it is merely an indication that a user is on the right track to a strong password, not an approval. There are many installations and context where a strong password is not needed, nor desired by design. E.g. cloud images have passwordless accounts passwordless root. Because access to those machines is locked down via public-key ssh connections. There is no way to know what authentication context will be used and what is the full security model. One password will not protect you. -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gnome-control-center in Ubuntu. https://bugs.launchpad.net/bugs/1044868 Title: Ubuntu should encourage stronger passwords using stronger algorithms, note i18n issues To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-control-center/+bug/1044868/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1044868] Re: Ubuntu should encourage stronger passwords using stronger algorithms, note i18n issues
As Seb already mentioned https://fedorahosted.org/libpwquality/ is a smarter password strength checker. The library itself is already in main. $ rmadison -S libpwquality libpam-pwquality |1.1.1-1 | quantal/universe | amd64, armel, armhf, i386, powerpc libpwquality |1.1.1-1 | quantal | source libpwquality-dev |1.1.1-1 | quantal | amd64, armel, armhf, i386, powerpc libpwquality-tools |1.1.1-1 | quantal/universe | amd64, armel, armhf, i386, powerpc libpwquality1 |1.1.1-1 | quantal | amd64, armel, armhf, i386, powerpc python-pwquality |1.1.1-1 | quantal/universe | amd64, armel, armhf, i386, powerpc Reopening the gnome-control-center bug since this will actually be fixed next cycle. I think this should stay open as a wishlist bug against ubiquity. ** Changed in: gnome-control-center (Ubuntu) Status: Won't Fix = Triaged -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gnome-control-center in Ubuntu. https://bugs.launchpad.net/bugs/1044868 Title: Ubuntu should encourage stronger passwords using stronger algorithms, note i18n issues To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-control-center/+bug/1044868/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1044868] Re: Ubuntu should encourage stronger passwords using stronger algorithms, note i18n issues
xnox, I have no intent to improve the password strength verification on the installer itself. That was a suggestion on the first post. My intentions in this thread is to make the same relative rules apply to the installer verification algorithm. As absolute ones, such as treating ñ as a special character are inappropriate in spanish or treating ç makes no sense in portuguese or french, since they are part of the local alphabet. It was mentioned and link-referred that length makes stronger passwords but not if it's a known phrase or, lets say, country name. Including thousands of words per language/locale/keymap it's very hard, acknowledged. But making ñ look the same to an n or an ç the same to the c when spanish, french or portuguese are the declared locale/language on the installation process does not seem like an awkward request to fix the misbehavior of the password strength verification. Another idea is: lets get rid of the whole verification process on locales/languages other than english, since it does not reflect any good practice at all, specially, compared to the relative situation in english settings. To explain in more detail my previous paragraph: If I choose england as my country, english as my language, english as my keymap, the unitedkingdom password is marked as weak. It certainly should. But if my locales are spanish, my country espaÑa and my keymap the ES one, españa is a fair password to the installer. That is not the same behavior when taken relative to the declared variables (keymap,country,language) witch, at least to me, looks like a bug. You mention that you do not want it to be impossible to achieve fair/... passwords, that is a merely indication of the right track to a strong password. Well, the country name should not be on that path. I really think someone else thinks like me, otherwise, why is unitedstatesofamerica (21 character long) a weak password? The bug call remains. I believe everything to fix this mis behavior is already in place. PS: Thank you to the pointers to improve the verification, I'll see what can I suggest in through those channels. PS2: for the previous, present and following posts, I apologize for any language related confusion. English is not my first language and I sincerely understand that's a barrier to comprehend each other. -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gnome-control-center in Ubuntu. https://bugs.launchpad.net/bugs/1044868 Title: Ubuntu should encourage stronger passwords using stronger algorithms, note i18n issues To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-control-center/+bug/1044868/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1044868] Re: Ubuntu should encourage stronger passwords using stronger algorithms, note i18n issues
There are many installations and context where a strong password is not needed, nor desired by design. E.g. cloud images have passwordless accounts passwordless root. Because access to those machines is locked down via public-key ssh connections. There is no way to know what authentication context will be used and what is the full security model. One password will not protect you. I know. That is why I defined the conditions where the bug appear to be obvious to me. Not a cloud image, not the server installer, not the alternate cd installer, the GUI installer from the 32-bit Ubuntu Live CD installing on a qemu-kvm VM. -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gnome-control-center in Ubuntu. https://bugs.launchpad.net/bugs/1044868 Title: Ubuntu should encourage stronger passwords using stronger algorithms, note i18n issues To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-control-center/+bug/1044868/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs