Re: Automated password appraisal (Re: New feature: Article rating)
Thu, 30 Mar 2000 17:15:57 GMT
First important question:

   Are there any bad passwords which this fails to reject?  (If it rejects
   a seemingly good password, that's not necessarily a problem.  Failing to
   reject a bad password is a far more serious problem.)

Grasp your French MacKeyboard. Start with the 'a' (upper
left letter), next you go one up to the '&', then you go one
right to 'é', one down to 'z', one right to 'e', one up to
'"' (double quote), one left to ''' (single quote), and
finally one down to 'r'.


is a very easy to type password (and maybe I shouldn't have
revealed it here).

Second important question:

   Are there words that you can think of which this fails to detect as
   potential weaknesses?  (Try to stump it!)

Legoland translated one row down and slightly to the left
(on a US MacKeyboard) is

   <svk,` x

which isn't all that bad a password.

I don't know if this really is a bad password, but I
couldn't resist trying it:


Another lost password choosing algorithm :-(

Non-English words containing characters outside of the strict 7-bit ASCII
character set are not yet handled (detected) properly.  This is because the
original word lists for those languages encoded these non-ASCII extended
characters using double-byte sequences which I haven't yet figured out how
to decode.  (Some are simple and obvious, for example :a for umlaut-a, or
/o for slash-o, but others, like curly braces and angle brackets, are still
mystifying.)  There was no decoding documentation available with the source
files (or else I missed it somehow) but if a few people are willing to have
a look at a few examples in each language, we can probably figure it out
pretty quickly.  (I'll double-check again for decoding docs first.)

I wouldn't mind having a look. I don't know if you have a
copy of "my" wordlists [1,2].

Play well,


1) <URL: >
2) <URL: >

--  E-mail:                   --
--  Web...:       <URL: >       --
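
The keyboard-shift trick used on "Legoland" above, turned into a checker-side test. This is an added example, not part of the original message or of the password checker under discussion. The layout table (plain US QWERTY), the names `ROWS`, `WORDS`, `unshift`, `matches` and `shifted_words`, and the word list are assumptions made for illustration. It goes beyond the single case in the message by trying all eight one-key displacements, and it treats keys the table cannot place (the backquote and space in the Legoland string) as wildcards.

```python
# Added example. Assumed layout: unshifted US QWERTY rows, staggered so that the
# key "one row down and slightly to the left" of column c is column c-1 below.
ROWS = ["1234567890-=", "qwertyuiop[]", "asdfghjkl;'", "zxcvbnm,./"]
POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}
# Shifted symbol -> the key that produces it (capitals are handled by lower()).
SHIFTED = dict(zip('~!@#$%^&*()_+{}|:"<>?', "`1234567890-=[]\\;',./"))

WORDS = ["legoland", "password", "keyboard"]  # constructed sample word list


def unshift(password, dr, dc):
    """Undo a displacement of every key by dr rows and dc columns.

    Returns a list of characters; None marks a key the table cannot place
    (space, backquote, or a position that falls off the modelled rows).
    """
    out = []
    for ch in password:
        key = SHIFTED.get(ch, ch).lower()
        if key not in POS:
            out.append(None)
            continue
        r, c = POS[key][0] - dr, POS[key][1] - dc
        on_board = 0 <= r < len(ROWS) and 0 <= c < len(ROWS[r])
        out.append(ROWS[r][c] if on_board else None)
    return out


def matches(pattern, word):
    """True if word fits pattern, with None acting as a one-character wildcard."""
    return len(pattern) == len(word) and all(
        p is None or p == w for p, w in zip(pattern, word))


def shifted_words(password, wordlist=WORDS):
    """List (word, (dr, dc)) for dictionary words hidden by a one-key shift."""
    hits = []
    for dr in (-1, 0, 1):
        for dc in (-1, 0, 1):
            if (dr, dc) == (0, 0):
                continue  # the unshifted case is the ordinary dictionary check
            pattern = unshift(password, dr, dc)
            if pattern.count(None) > len(pattern) // 3:
                continue  # too many unknown keys to call it a match
            hits += [(w, (dr, dc)) for w in wordlist if matches(pattern, w)]
    return hits


if __name__ == "__main__":
    print(shifted_words("<svk,` x"))
```

A real checker would run this against its full word lists and against each keyboard layout its users are likely to have, since the same displacement lands on different characters on a French or ISO layout.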

