On 18 Dec. 2016 00:40, Antoine Beaupré wrote:
> here are the ones I know of:
>
>  * head -c $ENTROPY | base64 | tr -d '=\n'
>  * pwqgen - uses a wordlist and a specified entropy level
>  * diceware - uses a wordlist and dicerolls (or /dev/random)
>
> the latter two are meant to be "human-memorable". i am not sure that
> should be a goal of pass: the whole point of a password manager is to
> *not* have to remember passwords. making passwords memorable makes them
> weaker and easier to bruteforce, and should be avoided in our use case.

human-memorable also means human-typable. sometimes you have to enter
passwords by hand, on a mobile phone, or on a console in a cold data
centre. for the former, pass phrases are easier (you may even get help
from auto-correct ;), for the latter, a fourth category is useful:
keyboard layout agnostic passwords. don't you hate it when you need to
enter a ";" in the password and you have no idea if you should press the
Ø-key or Shift-comma?

base64-encoded passwords fail both these use cases. (all of /, + and =
move around. even azy/qwz do ...)

-- 
Kjetil T. Homme
Redpill Linpro - Changing the game
_______________________________________________
Password-Store mailing list
[email protected]
https://lists.zx2c4.com/mailman/listinfo/password-store
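
Added example, not part of the original message and not code from pass: a sketch of the "keyboard layout agnostic" category, which sizes the password from a target entropy instead of a fixed length. The function names and the 20-letter alphabet are assumptions made here: the alphabet keeps only lowercase letters that sit on the same physical key on QWERTY, QWERTZ and AZERTY, and other layouts (Dvorak, for instance) are not covered.

```shell
#!/bin/sh
# Added example: layout-agnostic password generator (hypothetical helper).
# Assumption: these 20 lowercase letters are on the same physical key on
# QWERTY, QWERTZ and AZERTY. Left out: a/q, w/z and y/z (swapped between
# layouts), m (moves on AZERTY), digits and punctuation (position or shift
# state differs), and uppercase (avoids Shift/Caps Lock surprises).
SAFE_ALPHABET='bcdefghijklnoprstuvx'

# safe_length BITS: number of characters so that length * log2(20) >= BITS
safe_length() {
    awk -v bits="$1" -v n="${#SAFE_ALPHABET}" 'BEGIN {
        per = log(n) / log(2)      # entropy per character, about 4.32 bits
        len = int(bits / per)
        if (len * per < bits) len++
        print len
    }'
}

# layout_safe_pw [BITS]: print one password carrying at least BITS bits
# of entropy (default 128)
layout_safe_pw() {
    lsp_len=$(safe_length "${1:-128}")
    lsp_pw=''
    # tr -dc drops every byte outside the alphabet (rejection sampling),
    # so the surviving characters are uniform with no modulo bias.
    while [ "${#lsp_pw}" -lt "$lsp_len" ]; do
        lsp_pw=$lsp_pw$(head -c 256 /dev/urandom | LC_ALL=C tr -dc "$SAFE_ALPHABET")
    done
    printf '%s\n' "$lsp_pw" | cut -c "1-$lsp_len"
}
```

The cost of the restricted alphabet is length: 128 bits takes 30 of these characters, against 22 base64 characters for the same entropy.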
