On Tue, 30 Oct 2018 at 08:25AM +0100, Lenz Weber wrote:
> Is this something that pass needs? Or, more crass: should it offer this
> feature or should it be considered harmful?

Not necessarily harmful, but useless within the context of a password
manager.

> The point of pass, or any password manager, is not having to remember or
> even know your password.

So you can generate short, complicated passwords that still have enough
entropy. Those don't have to be short, but what's the benefit of
generating a long password?

> What are other people's opinions on this?

My (more or less informed) side opinion about the necessary entropy:
what matters is the average time it takes an attacker to guess the
password. This depends very much on how it is stored (especially the
hashing method). If you are sure that the hashing method is going to
slow down the attacker considerably, then the password's entropy can be
quite low, and the lower entropy of a diceware password is not a
problem. Of course, high entropy does not hurt if it comes at no extra
cost and you don't have to input the password manually.

Matthieu
-- 
 (~._.~)            Matthieu Weber - mwe...@free.fr              (~._.~)
  ( ? )                http://weber.fi.eu.org/                    ( ? ) 
 ()- -()          public key id : 0x85CB340EFCD5E0B3             ()- -()
 (_)-(_) "Humor ist, wenn man trotzdem lacht (Otto J. Bierbaum)" (_)-(_)


_______________________________________________
Password-Store mailing list
Password-Store@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/password-store
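
The relationship described in the message above between entropy, hashing speed and average guessing time, as an added example that is not part of the original message. The PBKDF2 round count, the salt and the three sample secrets are assumptions chosen for illustration, and the rates are measured on one local CPU core, so only the ratio between the two hashes is meaningful.

```python
import hashlib
import math
import time

DICEWARE_WORDS = 7776   # size of the standard diceware list (6^5)
PRINTABLE = 94          # printable ASCII characters, excluding space

def entropy_bits(alphabet_size, length):
    """Entropy of a secret built from `length` uniform, independent picks."""
    return length * math.log2(alphabet_size)

def average_guess_seconds(bits, guesses_per_second):
    """On average the secret is found after half the search space is tried."""
    return 2 ** (bits - 1) / guesses_per_second

def measure_rate(hash_once, duration=0.2):
    """Guesses per second of `hash_once` on this machine (single core)."""
    count, start = 0, time.perf_counter()
    while time.perf_counter() - start < duration:
        hash_once(b"candidate-password")
        count += 1
    return count / (time.perf_counter() - start)

SALT = b"constructed-salt"  # constructed sample value for the demo
HASHES = {  # assumed storage schemes, one fast and one deliberately slow
    "fast: one SHA-256": lambda pw: hashlib.sha256(SALT + pw).digest(),
    "slow: PBKDF2, 100000 rounds":
        lambda pw: hashlib.pbkdf2_hmac("sha256", pw, SALT, 100_000),
}
SECRETS = {  # assumed sample secrets, all drawn uniformly at random
    "4 diceware words": entropy_bits(DICEWARE_WORDS, 4),
    "6 diceware words": entropy_bits(DICEWARE_WORDS, 6),
    "12 random printable chars": entropy_bits(PRINTABLE, 12),
}

def report():
    """One row per (hash, secret): entropy and average guessing time in years."""
    year = 365.25 * 24 * 3600
    rows = []
    for hash_name, fn in HASHES.items():
        rate = measure_rate(fn)
        for secret, bits in SECRETS.items():
            years = average_guess_seconds(bits, rate) / year
            rows.append((hash_name, secret, bits, years))
    return rows

if __name__ == "__main__":
    for hash_name, secret, bits, years in report():
        print(f"{hash_name:28} {secret:26} {bits:5.1f} bits  ~{years:.3g} years")
```
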
