[PATCH] stop using pwgen

Brian Candler b.candler at pobox.com
Sun Dec 18 16:43:38 CET 2016

On 18/12/2016 14:54, Jason A. Donenfeld wrote:
> Because sites have password length requirements, not password entropy
> requirements. Base64 has a minimal character set.
It's true that sites have password length requirements (minimum and/or 
maximum). But it's nonsense that base64 is not suitable for this purpose!

base64 gives you a choice of 64 symbols, or 6 bits per symbol.

[:graph:] gives you a choice of 95 symbols, or 6.57 bits per symbol.

This difference is minimal. If you want to generate a password with 96 
bits of entropy, then you can do it with 16 characters of base64, or 15 
characters of [:graph:].   Big deal.  You saved one character.



More information about the Password-Store mailing list