Open palant opened 5 years ago
@palant thanks for the comments.
Adjusting the number of BCrypt iterations was under discussion, but is not supported yet (see Issue 10).
Users can choose whether the passwords are device-specific, and the binding string could also be used on other devices to recover the password, but yes, it is not possible to add it in the UI in the current version - good point.
We did a pre-study with users and the hashing choice did not confuse them, probably because it's part of the expert section.
A user of my PfP pointed me to this app. Since I've done some (very cursory) analysis already, I thought that I would share the findings with you. The password generation algorithm as it is implemented right now has multiple issues:
Finally, it is concerning that passwords generated are device-specific, as there is no way to recover passwords should that device fail.