dappelt
commented
6 years ago Thanks for your input! To provide some more background on #3, I can only recommend this excellent article. Of course, #3 is not the only option to prevent bad passwords and we might not want to have this functionality in plugin-btp, but in specific subclasses that extend btp-plugin. The more important problem to solve is how mini-accounts derives ILP addresses from passwords, which is prone to dictionary attacks.
Now to your proposal. Generating a random, high-entropy password protects against dictionary attacks. However, you don't want to store that password in plaintext, so you would need a user-provided password to encrypt it. And there are other drawbacks, e.g. the risk of data loss or switching devices/client software requires copying the password.
A better alternative is if mini-accounts would do some key stretching on the (potentially weak) password before turning it into an ILP address.
Related to https://github.com/interledgerjs/ilp-plugin-btp/pull/3, why doesn't the plugin just generate a (safe) random token for you? If you manually supply one in the BTP server URI it could use that (and check if that has been pwned), but if you don't it could just generate one for you. It might want to store that somewhere locally, depending on the use case and how long-lived the "mini accounts" are likely to be, but that seems solvable.