Kunzisoft / KeePassDX

Lightweight vault and password manager for Android. KeePassDX allows editing encrypted data in a single file in KeePass format and filling in forms in a secure way.
https://www.keepassdx.com/
GNU General Public License v3.0
4.68k stars 275 forks

Password entropy score doesn't match with other generators #1460

Open serrq opened 1 year ago

serrq commented 1 year ago

https://gitlab.com/vecturagames/passwordgenerator

https://www.f-droid.org/packages/com.vecturagames.android.app.passwordgenerator/

It is not a bug: I am just asking for clarification.

I installed this app (password generator) on my device and I set these rules on both apps:

A-Z: yes
a-z: yes
0-9: yes
Special characters included: :+;!?=
Max length: 68 characters

I generated this exact password:

frsRFQ7N+U1dpVWzm2xa;gwATE?H4OkLIC8b9ju3ncyGYB!tS=oDhi0K5Ze6:MqlXPvJ

Entropy Score:

Password Generator (F-Droid): 475

KeePassDX: 307.91

Why this difference?

Is it possible to make the two developers converse in order to find a common entropy calculation model?

nvllz commented 1 year ago

I noticed this a while ago. KeePassDX's entropy score is always lower compared to KeePassXC's score for the same password. For the generated string, KeePassXC shows me 391.14 bits of entropy.

J-Jamet commented 1 year ago

Duplicate https://github.com/Kunzisoft/KeePassDX/issues/1373

serrq commented 1 year ago

According to this university's password strength checker, the score for the string above is 516.

https://www.uic.edu/apps/strong-password/

J-Jamet commented 1 year ago

By definition, entropy is the measure of a state of disorder, so there is no standardized way to calculate this disorder; the important thing is the consistency of the measurements between results, in order to demonstrate that one result is better or worse than another. In the case of a password, the important thing to keep in mind is: the more complex it is, the less chance a brute-force attack has of breaking it. As techniques and the power of machines evolve all the time, it would be necessary to index the measure of entropy on a study that calculates the probability of breaking a password with the most powerful machines in use. But in practice, an estimate is sufficient.
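The point that there is no single "entropy" for a string can be made concrete. The script below is an added example for this thread; it is not code from KeePassDX, KeePassXC or the Password Generator app, and it does not reproduce any of the three scores quoted above. It takes the exact password and generator settings from the first comment and recomputes a bit count under explicitly stated attacker models: the configured 68-symbol pool with independent draws, a pool inferred from the string alone (which cannot know that only six specials were enabled and so counts all 32 printable punctuation characters), and a no-reuse model. The last one matters here: the quoted string uses every one of the 68 configured symbols exactly once, which the code checks. With independent draws the odds of that are about 2^-94, so the generator almost certainly shuffled its pool rather than drawing each position independently, and the honest bound is then log2(68!) (about 320 bits), not 68*log2(68) (about 414 bits). The model names and helper functions are this example's own, not any project's API.

```python
"""Recompute the 'entropy' of the generated string under explicit models.

Added example for this thread; it is not code from KeePassDX, KeePassXC or the
Password Generator app, and it does not reproduce any of their scores. It shows
how much the figure depends on the attacker model the estimator assumes.
"""
import math
import string

# Constructed from the settings and the password quoted in the issue.
PASSWORD = "frsRFQ7N+U1dpVWzm2xa;gwATE?H4OkLIC8b9ju3ncyGYB!tS=oDhi0K5Ze6:MqlXPvJ"
CONFIGURED_SPECIALS = ":+;!?="
CONFIGURED_POOL = (string.ascii_uppercase + string.ascii_lowercase
                   + string.digits + CONFIGURED_SPECIALS)


def bits_with_replacement(length: int, pool_size: int) -> float:
    """Every position drawn uniformly and independently: log2(pool_size ** length)."""
    return length * math.log2(pool_size)


def bits_without_replacement(length: int, pool_size: int) -> float:
    """Generator never reuses a symbol: log2(pool_size! / (pool_size - length)!)."""
    if length > pool_size:
        raise ValueError("cannot draw more distinct symbols than the pool holds")
    # lgamma keeps this in floating point instead of a 100-digit factorial.
    return (math.lgamma(pool_size + 1) - math.lgamma(pool_size - length + 1)) / math.log(2)


def inferred_pool_size(password: str) -> int:
    """Pool an estimator infers from the string alone, without the generator settings.

    Each character class that appears is counted at its full size, so the six
    specials the user enabled look like all 32 printable punctuation characters.
    """
    classes = (
        (string.ascii_uppercase, 26),
        (string.ascii_lowercase, 26),
        (string.digits, 10),
        (string.punctuation, len(string.punctuation)),  # 32 characters
        (" ", 1),
    )
    return sum(size for members, size in classes if any(c in members for c in password))


def uses_each_symbol_once(password: str, pool: str) -> bool:
    """True if the password is a permutation of the pool (no symbol repeated or missing)."""
    return sorted(password) == sorted(pool)


def estimates(password: str, pool: str) -> dict:
    """Bit counts for the same string under each model; keys are this example's own labels."""
    n = len(password)
    result = {
        "configured pool, independent draws": bits_with_replacement(n, len(pool)),
        "inferred pool, independent draws": bits_with_replacement(n, inferred_pool_size(password)),
    }
    if uses_each_symbol_once(password, pool):
        # Only meaningful when the sample is consistent with a shuffle of the pool.
        result["configured pool, no symbol reused"] = bits_without_replacement(n, len(pool))
    return result


if __name__ == "__main__":
    print(f"length {len(PASSWORD)}, configured pool {len(CONFIGURED_POOL)} symbols, "
          f"permutation of pool: {uses_each_symbol_once(PASSWORD, CONFIGURED_POOL)}")
    for model, bits in estimates(PASSWORD, CONFIGURED_POOL).items():
        print(f"{model:40s} {bits:7.2f} bits")
```

None of these numbers is "the" entropy of the string; each is the size of the search space an attacker faces under one stated assumption about how the string was produced. A tool that only sees the final string has to guess that assumption, which is why two tools given the same characters can differ by a hundred bits or more without either being wrong on its own terms.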