Unambiguous Passwords

Fernando Cladera fcladera at fcladera.com
Fri Dec 4 05:17:40 CET 2020


Hi Jens,

I understand the argument behind the font, and I myself use all distinctive mono 
fonts.

Nonetheless, my use case is way simpler. I use pass to generate WiFi passwords 
(among others), and this weekend my girlfriend struggled for 10 minutes to find 
the right combination of 0OIl in my 20-character password that I shared through 
SMS. Needless to say that this triggered a discussion regarding why my 
passwords are like that, instead of "something simpler". Arguing about entropy 
was, unfortunately, not well received.

So my counterargument is that you cannot always control the font in which the 
password will be displayed, and this may be an issue. That is why Bitcoin 
removes these characters from their addresses.

I have a patch ready, but I understand if there is no interest in such a feature.

Thanks,

Fernando

On 04/12/20, Jens Tröger wrote:
>Hello,
>
>I would think not, because those symbols themselves are part of the
>generated random sequence and because they’re not ambiguous themselves.
>
>Displaying these symbols in a font whose glyphs are ambiguous is a
>different issue and text (e.g. generated passwords) should not adjust
>to the shortcomings of fonts.
>
>See also the Jetbrains’ Mono font:
>
>  https://www.jetbrains.com/lp/mono/
>
>and the section on “Distinctiveness of symbols”
>
>Cheers,
>Jens
>
>
>On Thu, Dec 03, 2020 at 10:42:03PM -0500, Fernando Cladera wrote:
>> Hi all,
>>
>> First of all, thanks for such an awesome tool!
>>
>> I have a comment/question. Is there interest in adding unambiguous no-symbol
>> passwords, like Bitcoin does? I.e. removing uppercase letter "O", uppercase
>> letter "I", lowercase letter "l", and the number "0".
>>
>> Thanks,
>> Fernando
>
>-- 
>Jens Tröger
>https://savage.light-speed.de/
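
An added example, not part of the original messages and not code from pass: it draws a password from the alphanumeric set with the four characters named in the thread (0, O, I, l) removed, and computes what that removal costs in entropy for a 20-character password. The function and constant names are assumptions made for illustration.

```python
import math
import secrets
import string

AMBIGUOUS = "0OIl"  # the four characters named in the thread
FULL = string.ascii_letters + string.digits  # 62 symbols, no punctuation
UNAMBIGUOUS = "".join(c for c in FULL if c not in AMBIGUOUS)  # 58 symbols


def generate(length, alphabet=UNAMBIGUOUS):
    """Draw each character uniformly from the alphabet using the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(len(set(alphabet)))


def length_for(bits, alphabet):
    """Shortest length over `alphabet` that reaches at least `bits` of entropy."""
    return math.ceil(bits / math.log2(len(set(alphabet))))


if __name__ == "__main__":
    n = 20
    full = entropy_bits(n, FULL)
    reduced = entropy_bits(n, UNAMBIGUOUS)
    print(generate(n))
    print(f"{n} chars over {len(FULL)} symbols: {full:.1f} bits")
    print(f"{n} chars over {len(UNAMBIGUOUS)} symbols: {reduced:.1f} bits")
    print(f"length needed to match the full set: {length_for(full, UNAMBIGUOUS)}")
```

Dropping the four characters costs about 2 bits at 20 characters; one extra character more than recovers it.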

