FiloSottile / age

A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.
https://age-encryption.org
BSD 3-Clause "New" or "Revised" License

Better passphrase generation #465

Closed ghost closed 1 year ago

ghost commented 1 year ago

Generate 12 words instead of 10 for 128-bit entropy (log(2048, 2) * 12) and replace the separator '-' with ' ' for simplicity.

FiloSottile commented 1 year ago

Hello! Thank you but these were deliberate design choices. 110 bits of entropy are plenty, especially when stretched by scrypt. Dashes are used to make the password easily copy-pastable and to make it less likely users will mistakenly leave out a word.