Open distrair opened 1 year ago
Hi, the main issue with this is it's hard to provide good UX with a high symbol count, so we've gone for 128 as a good compromise. What would you suggest as the upper limit?
It should also be noted that beyond a certain amount of entropy, you're kind of into overkill territory where just adding characters does not significantly improve security. E.g., say the backend is using SHA256 to hash the password; then anything beyond 256 bits of entropy will be discarded/compressed. Also, 256 bits of entropy is beyond any kind of reasonable crack time too.
Of course open to finding some way to allow users to generate larger numbers, but at the moment this would be low priority.
Basically the title. Many websites allow more than 128 symbols in a password, so why not allow generating one?