Pattern recognition needs a little tweak (Not a dev)

[LtqxWYEG]

Hi,

I was playing around with the implementation of this program in KeePassXC. As far as I know, they use the newest available version, unmodified.

I found a couple of issues: There is no difference in entropy, according to the program, between these three:

ab:cd:ef:gh:ij:kl
ab:cd;ef_gh-ij+kl
ab cd ef gh ij kl

All have unexpectedly high entropy of 95.74 bit. In comparison to generated passwords with the same length, they score only a tiny bit lower.

And then there's this oddity:

12:34:56:78:90:12 (88.93 bit)
12 34 56 78 90 12 (88.93 bit)
12:34;56_78-90+12 (81.75 bit)

Why is the last one weaker? It is more diverse. Particularly in comparison with the second one. :/

I tested a little bit around because I wondered why it doesn't get recognized as a date or two dates. Turns out if you use ":" as the separator (or mostly any other char) or you use numbers higher than usual dates, it isn't, and then throws about double the bits. So it really only checks for the few cases mentioned in the paper. But I don't understand the choice to limit the pattern recognition when this very logical extension would simplify the algorithm and include more cases at the same time.

I think there should be a penalty for using what is basically hex-code as a password. ([0-9/a-z/A-Z][0-9/a-z/A-Z] [punctuation etc.] [0-9/a-z/A-Z][0-9/a-z/A-Z] [punctuation etc.] ...) Sorry, I don't know regex. But you get the point. xD

regards

[LtqxWYEG]

Bahahahaha

??

EDIT: He deleted the comment.