On 30 Oct 2018 12:10, Matthieu Weber wrote:
> On Tue, 30 Oct 2018 at 10:33AM +0100, Kjetil Torgrim Homme wrote:
>> yes, but sometimes you need to enter this password by hand.  I use horse
>> battery passwords when I might need to enter the password on a mobile
>> phone or on a console in a chilly data centre in the middle of the
>> night.  both of these will often have problems with strange characters
>> or keyboard layouts (is "&" on Shift 6 or Shift 7?  since there is often
>> no echo, there is no way to be sure!)
>
> So you want passwords that are easy to type: generate passwords that are
> made entirely of lowercase letters, all you need is 40% more characters
> to have the same entropy as a password made of alphanumerics+symbols
> i.e., 11 characters instead of 8. They will be easy enough to type even
> on exotic keyboards, and can be generated using only tools that pass
> uses already. All you need is to add to “pass generate” an option to
> reduce $CHARACTER_SET to [:lower:].

it is not easy to type wahseepienoofac on a mobile phone, IMHO.  but
adding periods (not hyphens!  the key moves around) will help - not for
entropy, but to make it easier to read and track how far I've gotten:

  wah.see.pie.noo.fac

(I just realised I am lucky that I never have qwertz or azerty in my
environment...  that would reduce the number of available letters to 21,
ertuiop/sdfghjkl/xcvbnm, by my count.  digits, comma and period bring
the total to 33.)

>> average length of 13 characters.  this doesn't really help entropy,
>> though.  489533 distinct words give 18.9 bits of entropy each, so the
>> above pass phrases (of four words) have 75 bits, or 5.74e+22.  still not
>> a huge amount, but the attacker would have to know that this is the
>> method I use to make pass phrases to successfully reduce his search space.
>
> You can get 75 bits of entropy with 16 lowercase letters or 14
> mixed-case letters. That is surely easier to type than your example.

it really depends on your keyboard and brain :-)

--
Kjetil T. Homme
Redpill Linpro - Changing the game
_______________________________________________
Password-Store mailing list
Password-Store@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/password-store
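
The entropy figures traded in this thread can be checked, and a password in the period-grouped style generated, with the sketch below. It is an added example, not code from the thread or from pass; the function names are this example's own, LAYOUT_SAFE is the 21-letter set counted in the reply, and the three-letter grouping follows the wah.see.pie.noo.fac form.

```python
import math
import secrets
import string

# Letters the reply counts as usable when qwertz or azerty may be in play.
LAYOUT_SAFE = "ertuiop" + "sdfghjkl" + "xcvbnm"
LOWER = string.ascii_lowercase
MIXED = string.ascii_letters


def entropy_bits(choices, picks):
    """Entropy of `picks` independent uniform draws from `choices` options."""
    return picks * math.log2(choices)


def length_for(target_bits, alphabet_size):
    """Smallest number of symbols whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def generate(target_bits, alphabet=LOWER, group=3, sep="."):
    """Return (password, bits). Separators are fixed, so they add no entropy."""
    if len(set(alphabet)) != len(alphabet) or len(alphabet) < 2:
        raise ValueError("alphabet needs at least two distinct symbols")
    if sep in alphabet:
        raise ValueError("separator must not be part of the alphabet")
    n = length_for(target_bits, len(alphabet))
    # secrets draws from the OS CSPRNG and picks uniformly, without modulo bias
    raw = "".join(secrets.choice(alphabet) for _ in range(n))
    grouped = sep.join(raw[i:i + group] for i in range(0, n, group))
    return grouped, entropy_bits(len(alphabet), n)


if __name__ == "__main__":
    print(f"4 words of 489533: {entropy_bits(489533, 4):.1f} bits")
    for name, alpha in (("lowercase", LOWER), ("mixed case", MIXED),
                        ("layout-safe", LAYOUT_SAFE)):
        pw, bits = generate(75, alpha)
        print(f"{name:12} {len(alpha):2} symbols -> {pw}  ({bits:.1f} bits)")
```

Restricting the alphabet to the 21 layout-safe letters raises the length needed for 75 bits from 16 to 18 characters.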