The description and "quality meter" UI are overly optimistic for the password's entropy. For instance, a 9-character password with an estimated entropy of 48 bits is qualified as "Weak" in KeePassXC, but "Very Good" in KeePassium.
How to reproduce
Steps to reproduce the behavior:
Generate a short password in KeePassium's generator
Paste the same password to KeePassXC's password generator
Observe that KeePassium's qualitative description is much more optimistic than KeePassXC's
Expected behavior
KeePassium's description should be more realistic and similar to KeePassXC's.
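To make the numbers in this report concrete, here is an added example (not KeePassium's or KeePassXC's code) that computes the entropy of a generator-produced password from its alphabet size and length, maps the bits to a qualitative band, and estimates how long an exhaustive offline search would take. The band thresholds, the 40-symbol alphabet (the size that gives a 9-character password roughly 48 bits), and the 1e10 guesses/second rate are this example's own assumptions, chosen only so that 48 bits lands in "Weak" and 120+ bits in "Very Good", as the report and the original poster describe.

```python
import math

# Assumed guess rate for a fast offline attack against a weak or absent KDF.
# Order-of-magnitude illustration only; real hardware and KDF cost vary widely.
ASSUMED_GUESSES_PER_SECOND = 1e10

# Quality bands keyed on entropy bits (upper bound exclusive). These thresholds
# are assumptions made for this example: 48 bits falls in "Weak" (how the report
# says KeePassXC rates it) and only 120+ bits reaches "Very Good" (the bar the
# original poster asks for). They are not taken from either project's source.
BANDS = [(40, "Poor"), (64, "Weak"), (120, "Good")]
TOP_BAND = "Very Good"

# Common generator alphabets, for comparison (sizes are standard ASCII counts).
ALPHABETS = {
    "lowercase": 26,
    "lowercase+digits": 36,
    "alphanumeric": 62,
    "printable ASCII": 94,
}


def generator_entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a password drawn uniformly at random from `alphabet_size`
    symbols, `length` symbols long: log2(alphabet_size ** length).
    This is the right estimate for generator output; it overstates strength
    for human-chosen passwords, which are far from uniform."""
    if alphabet_size < 2 or length < 1:
        raise ValueError("alphabet must have at least 2 symbols and length >= 1")
    return length * math.log2(alphabet_size)


def rate(bits: float) -> str:
    """Map entropy bits to a qualitative band using BANDS / TOP_BAND."""
    for upper, label in BANDS:
        if bits < upper:
            return label
    return TOP_BAND


def expected_crack_seconds(bits: float,
                           guesses_per_second: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Expected time for exhaustive search: on average half of the 2**bits
    keyspace must be tried before the password is found."""
    return (2.0 ** bits) / 2.0 / guesses_per_second


def describe(alphabet_size: int, length: int) -> dict:
    """Summarise a generator setting: bits, band, and expected crack time."""
    bits = generator_entropy_bits(alphabet_size, length)
    return {
        "bits": round(bits, 1),
        "rating": rate(bits),
        "expected_crack_days": expected_crack_seconds(bits) / 86400,
    }


if __name__ == "__main__":
    # The case from the report: 9 characters, about 48 bits. A 40-symbol
    # alphabet is an assumption that reproduces that figure (9 * log2(40) ~ 47.9).
    print("report case (40 symbols, 9 chars):", describe(40, 9))
    for name, size in ALPHABETS.items():
        for length in (9, 16, 24):
            print(f"{name:>16} x{length:<2}: {describe(size, length)}")
```

Running it shows why the two meters disagree: a 9-character, 48-bit password is expected to fall to an offline search in hours at the assumed rate, while crossing the 120-bit line takes a 19-character printable-ASCII password or a 23-character alphanumeric one.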
Originally posted by **RTClarkV** April 12, 2024
KeePassium is great, don't get me wrong. One problem: The password strength checker sucks. It says a 9 character long, 48 bit password is "very good" with the green bars maxed out. This is misleading and bad. I would never trust a password of 48 bits, much less consider it "very good." Please change this. ANY other password manager I've used in the past like KeePassXC, PassBolt, and StrongBox think that a 48 bit password is laughable. The "very good" password indication should only be reserved for passwords of at least 120 bits. I don't know how you guys messed up this tiny thing in your really awesome password manager. Is this flaw normal or did I mess some setting up?
Additional context
Originally reported by @RTClarkV in https://github.com/keepassium/KeePassium/discussions/358