Unambiguous Passwords
Fernando Cladera
fcladera at fcladera.com
Fri Dec 4 05:17:40 CET 2020
Hi Jens,
I understand the argument behind the font, and I myself use all distinctive mono
fonts.
Nonetheless, my use case is way simpler. I use pass to generate WiFi passwords
(among others), and this weekend my girlfriend struggled for 10 minutes to find
the right combination of 0OIl in my 20-character password that I shared through
SMS. Needless to say that this triggered a discussion regarding why my
passwords are like that, instead of "something simpler". Arguing about entropy
was, unfortunately, not well received.
So my counterargument is that you cannot always control the font in which the
password will be displayed, and this may be an issue. That is why Bitcoin
removes these characters from their addresses.
I have a patch ready, but I understand if there is no interest in such feature.
Thanks,
Fernando
On 04/12/20, Jens Tröger wrote:
>Hello,
>
>I would think not, because those symbols themselves are part of the
>generated random sequence and because they’re not ambiguous themselves.
>
>Displaying these symbols in a font whose glyphs are ambiguous is a
>different issue and text (e.g. generated passwords) should not adjust
>to the shortcomings of fonts.
>
>See also the Jetbrains’ Mono font:
>
> https://www.jetbrains.com/lp/mono/
>
>and the section on “Distinctiveness of symbols”
>
>Cheers,
>Jens
>
>
>On Thu, Dec 03, 2020 at 10:42:03PM -0500, Fernando Cladera wrote:
>> Hi all,
>>
>> First of all, thanks for such an awesome tool!
>>
>> I have a comment/question. Is there interest in adding unambiguous no-symbol
>> passwords, like Bitcoin does? I.e. removing uppercase letter "O", uppercase
>> letter "I", lowercase letter "l", and the number "0".
>>
>> Thanks,
>> Fernando
>
>--
>Jens Tröger
>https://savage.light-speed.de/
More information about the Password-Store
mailing list