|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General InformationKeePass 1.26 / 2.23 and newer. KeePass uses an advanced algorithm for estimating the quality/strength of passwords. It searches for patterns, like e.g. popular passwords (based on a built-in list of about 10000 most common passwords; variations by upper-/lower-case and L33t substitutions are detected), repeated sequences, numbers (consisting of multiple digits), constant difference sequences, etc. For each pattern combination covering the whole password, the cost (number of bits required to encode the data and the order of the pattern identifiers) is calculated. For encoding pattern identifiers, an optimal static entropy encoder is used. Each single password character forms a pattern of length 1 and is encoded using a character space-dependent damped static entropy encoder. The minimum pattern combination cost is used as the final quality estimation. KeePass 1.25 / 2.22 and earlier. These old versions of KeePass used a simple algorithm for estimating the quality/strength of passwords. It checks which character spaces are used (upper-case, lower-case, digits, special characters, ...). Repeated characters and character differences result in penalties. Finally, KeePass tests whether the whole password is popular (based on a built-in list of about 1500 most common passwords), and if so, the final estimation is only 1/8th of the statistical rating. Entropy to QualityKeePass shows the quality of a password in entropy bits (equivalent size of a random symmetric key). The bit count can roughly be translated to quality as follows:
ComparisonThe table below lists the estimated strengths of the given passwords. Values are in bits (rounded up to the nearest integer, if rational bit strengths are shown) or as a fraction of a strong password (1/4 = very weak, 2/4 = weak, 3/4 = strong, 4/4 = very strong). One line shows the password to be tested, and the line below the estimated strengths. The values were obtained using the following program/website versions:
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||