[PATCH] stop using pwgen
Leho Kraav
leho at kraav.com
Tue Dec 20 14:44:28 CET 2016
On Tue, Dec 20, 2016 at 02:29:01PM +0100, ilf wrote:
> Kjetil Torgrim Homme:
> > sometimes you have to enter passwords by hand
>
> If that's your use-case, it could be an option.
>
> But that shouldn't be the default. The default use of pass is for
> copy+paste.
>
> So by default, generated passwords should be high-entropy instead of
> meaningful and memorable.

Not sure these are the correct qualifications we're looking for. I
have been in Kjetil's use case scenario multiple times; here's the
conclusion:

* meaningful - not important
* memorable - not important
* readable - important
* lengthy - important

Is there a meaningful security difference between gibberish and a
lengthy random human-readable word list sentence, with mixed-case and
numbers and all? The famous XKCD illustration addressed this adequately
for most purposes, no?