marius-wieschollek / passwords

A simple, yet feature rich password manager for Nextcloud
GNU Affero General Public License v3.0

generated password lengths misleading? #476

Closed mortee closed 2 years ago

mortee commented 2 years ago

Current Status

I was under the impression that the password strengths in the generator are actual strengths. And obviously, the more character classes are enabled, the more entropy level a set-length password has. As in, the entropy level of the password. But apparently, a given "strength" level results in the same-length passwords, regardless of the enabled character classes, which is misleading.

Feature Description

I would suggest assigning every selectable strength level a given entropy, and calculating the required character count based on the enabled character classes.
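The calculation suggested in the feature request above, as an added example that is not part of the original issue or of the Passwords app's code. The entropy targets per strength level, the class names and the special-character set are hypothetical, and the sketch assumes every character is drawn uniformly and independently from the combined pool, so entropy is length × log2(pool size).

```python
import math
import secrets
import string

# Hypothetical strength level -> target entropy in bits (assumed values,
# not taken from the app).
TARGET_BITS = {1: 48, 2: 64, 3: 96, 4: 128}

# Character classes a user can toggle (names and special set are assumptions).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "special": "!#$%&*+-=?@_",
}


def build_pool(enabled):
    """Combine the enabled classes into one alphabet without duplicates."""
    if not enabled:
        raise ValueError("at least one character class must be enabled")
    pool = "".join(CLASSES[name] for name in enabled)
    if len(set(pool)) != len(pool):
        raise ValueError("character classes overlap; entropy math would be off")
    return pool


def required_length(bits, enabled):
    """Smallest length whose uniform-draw entropy reaches `bits`."""
    pool_size = len(build_pool(enabled))
    return math.ceil(bits / math.log2(pool_size))


def entropy_bits(length, enabled):
    """Entropy of `length` uniform, independent draws from the pool."""
    return length * math.log2(len(build_pool(enabled)))


def generate(level, enabled):
    """Generate a password whose length is derived from the entropy target."""
    pool = build_pool(enabled)
    length = required_length(TARGET_BITS[level], enabled)
    # secrets.choice uses the OS CSPRNG; no per-class quota is enforced,
    # because forcing "at least one digit" would slightly reduce entropy.
    return "".join(secrets.choice(pool) for _ in range(length))


if __name__ == "__main__":
    for enabled in (["digits"], ["lower"], ["lower", "upper", "digits", "special"]):
        print(enabled, required_length(TARGET_BITS[2], enabled), generate(2, enabled))
```

With a fixed target, fewer enabled classes means a longer password rather than a weaker one, which is the behaviour the request asks the strength setting to have.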

marius-wieschollek commented 2 years ago

> But apparently, a given "strength" level results in the same-length passwords, regardless of the enabled character classes, which is misleading.

A higher strength setting always results in a longer minimum length of the password, regardless of which service is configured to generate words. A higher strength also results in more numbers or special characters being added if those are enabled.

mortee commented 2 years ago

Maybe something prevents generating based on entropy?