[PATCH] stop using pwgen
b.candler at pobox.com
Sun Dec 18 16:43:38 CET 2016
On 18/12/2016 14:54, Jason A. Donenfeld wrote:
> Because sites have password length requirements, not password entropy
> requirements. Base64 has a minimal character set.
It's true that sites have password length requirements (minimum and/or
maximum). But it's nonsense that base64 is not suitable for this purpose!
base64 gives you a choice of 64 symbols, or 6 bits per symbol.
[:graph:] gives you a choice of 95 symbols, or 6.57 bits per symbol.
This difference is minimal. If you want to generate a password with 96
bits of entropy, then you can do it with 16 characters of base64, or 15
characters of [:graph:]. Big deal. You saved one character.
More information about the Password-Store