[PATCH] Add support for XKCD-style wordlist passwords

Matthieu Weber mweber at free.fr
Tue Oct 30 09:11:49 CET 2018


On Tue, 30 Oct 2018 at 08:25AM +0100, Lenz Weber wrote:
> Is this something that pass needs? Or, more crass: should it offer this
> feature or should it be considered harmful?

Not necessarily harmful, but useless within the context of a password
manager.

> The point of pass, or any password manager, is not having to remember or
> even know your password.

So you can generate short, complicated passwords that still have enough
entropy. Those don't have to be short, but what's the benefit of
generating a long password?

> What are other people's opinions on this?

My (more or less informed) side opinion about the necessary entropy:
what matters is the average time it takes an attacker to guess the
password. This depends very much on how it is stored (especially the
hashing method). If you are sure that the hashing method is going to
slow down the attacker considerably, then the password's entropy can be
quite low, and the lower entropy of a diceware password is not a
problem. Of course, high entropy does not hurt if it comes at no extra
cost and you don't have to input the password manually.

Matthieu
-- 
 (~._.~)            Matthieu Weber - mweber at free.fr              (~._.~)
  ( ? )                http://weber.fi.eu.org/                    ( ? ) 
 ()- -()          public key id : 0x85CB340EFCD5E0B3             ()- -()
 (_)-(_) "Humor ist, wenn man trotzdem lacht (Otto J. Bierbaum)" (_)-(_)
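
The relationship described in the message above between hashing speed and the entropy a password needs, as an added example that is not part of the original message. The two guess rates and the one-century target are illustrative assumptions, not measurements; 7776 is the standard Diceware list size.

```python
import math

DICEWARE_WORDS = 7776    # standard Diceware list size (6^5)
PRINTABLE_CHARS = 94     # printable ASCII without the space character

# Assumed attacker guess rates in guesses per second (illustrative only).
FAST_HASH_RATE = 1e10    # fast, unsalted hash checked on GPU hardware
SLOW_HASH_RATE = 1e4     # deliberately slow, salted password hash

CENTURY_SECONDS = 100 * 365.25 * 24 * 3600


def entropy_bits(alphabet_size, length):
    """Entropy of `length` symbols drawn uniformly and independently."""
    return length * math.log2(alphabet_size)


def average_guess_seconds(bits, guesses_per_second):
    """On average an attacker has to search half of the keyspace."""
    return 2 ** (bits - 1) / guesses_per_second


def min_length(alphabet_size, guesses_per_second, target_seconds):
    """Smallest symbol count whose average guess time reaches the target."""
    length = 1
    while average_guess_seconds(entropy_bits(alphabet_size, length),
                                guesses_per_second) < target_seconds:
        length += 1
    return length


if __name__ == "__main__":
    for label, rate in (("fast hash", FAST_HASH_RATE),
                        ("slow hash", SLOW_HASH_RATE)):
        words = min_length(DICEWARE_WORDS, rate, CENTURY_SECONDS)
        chars = min_length(PRINTABLE_CHARS, rate, CENTURY_SECONDS)
        print(f"{label}: {words} Diceware words "
              f"({entropy_bits(DICEWARE_WORDS, words):.1f} bits) or "
              f"{chars} random characters "
              f"({entropy_bits(PRINTABLE_CHARS, chars):.1f} bits)")
```
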