Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
T
tails
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 944
    • Issues 944
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Merge Requests 13
    • Merge Requests 13
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
  • Operations
    • Operations
    • Incidents
    • Environments
  • Analytics
    • Analytics
    • CI / CD
    • Repository
    • Value Stream
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
  • tails
  • tails
  • Issues
  • #15027

Closed
Open
Opened Dec 08, 2017 by huertanix@huertanix

Passphrase Strength Meter for Persistence Wizard

Originally created by @huertanix on #15027 (Redmine)

Most trainings I’ve helped with around Tails have surfaced the need for prerequisite training on credential security and how to choose a strong passphrase for persistent volumes. Most of the time, however, that in-person training is not possible, and users resort to using weak passwords, or passwords that they are convinced are strong because of the late-90s era password rules on website accounts that tell them they are choosing strong passwords but really are not.

Rather than rely on the long history of users choosing weak passwords, it would be great to include a passphrase strength meter when users are choosing an persistence passphrase. A lot of research has been done in this field and some researchers at CMU has released some of it here: https://engineering.cmu.edu/news-events/news/2017/05/11-password-meter.html including source code: https://github.com/cupslab/password_meter. Implementing something like this would help people choose strong passphrases to make their strong encryption worthwhile.

Note: A user can still change their strong passphrase to a weak one using the Disks utility after creating the partition in case if there’s some edge case that requires a weak password.

Related issues

  • Is duplicate of #7002
Edited May 15, 2020 by huertanix
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information
Assignee
Assign to
None
Milestone
None
Assign milestone
Time tracking
None
Due date
None
Reference: tails/tails#15027