[PATCH] stop using pwgen
Kjetil Torgrim Homme
kjetil.homme at redpill-linpro.com
Tue Dec 20 12:10:11 CET 2016
On 18 Dec 2016 00:40, Antoine Beaupré wrote:
> here are the ones I know of:
>
> * head -c $ENTROPY | base64 | tr -d '=\n'
> * pwqgen - uses a wordlist and a specified entropy level
> * diceware - uses a wordlist and dicerolls (or /dev/random)
>
> the latter two are meant to be "human-memorable". i am not sure that
> should be a goal of pass: the whole point of a password manager is to
> *not* have to remember passwords. making passwords memorable makes them
> weaker and easier to bruteforce, and should be avoided in our use case.

human-memorable also means human-typable. sometimes you have to enter
passwords by hand, on a mobile phone, or on a console in a cold data
centre. for the former, pass phrases are easier (you may even get help
from auto-correct ;), for the latter, a fourth category is useful:
keyboard layout agnostic passwords. don't you hate it when you need to
enter a ";" in the password and you have no idea if you should press the
Ø-key or Shift-comma?

base64-encoded passwords fail both these use cases. (all of /, + and =
move around. even azy/qwz do ...)

--
Kjetil T. Homme
Redpill Linpro - Changing the game
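
The "keyboard layout agnostic" category from the message above, as an added example that is not part of the original post or of pass itself. The alphabet is an assumption: it considers only QWERTY, QWERTZ and AZERTY, and the names `pw_length`, `is_agnostic` and `agnostic_pw` are hypothetical.

```shell
#!/bin/sh
# Added example: layout-agnostic password generation (not from the thread).
# Assumption: only QWERTY, QWERTZ and AZERTY are considered. The letters
# a q w z y m change position between them; digits and punctuation are
# dropped because they need different shift states or keys.
ALPHABET=bcdefghijklnoprstuvx   # 20 symbols, about 4.32 bits each

# Number of characters needed for at least $1 bits of entropy.
# log2(20) = 4.3219..., rounded down to 4.321 so the length never falls short.
pw_length() {
    echo $(( ($1 * 1000 + 4320) / 4321 ))
}

# Succeeds only if $1 is non-empty and uses nothing outside ALPHABET.
is_agnostic() {
    case $1 in
        ''|*[!$ALPHABET]*) return 1 ;;
    esac
    return 0
}

# Print a password with at least $1 bits of entropy (default 128).
# tr -dc discards every random byte that is not in ALPHABET (rejection
# sampling), so each kept character is uniform over the 20 symbols.
agnostic_pw() (
    n=$(pw_length "${1:-128}")
    pw=
    while [ "${#pw}" -lt "$n" ]; do
        pw=$pw$(head -c 256 /dev/urandom | LC_ALL=C tr -dc "$ALPHABET")
    done
    printf '%s\n' "$pw" | cut -c "1-$n"
)

agnostic_pw "${1:-128}"
```

The restricted alphabet costs length rather than strength: 128 bits takes 30 characters here, against 22 for 16 random bytes in unpadded base64.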