vext01 / passout

Simple password manager built on GnuPG.

[Gen]: Do we want control over symbols in random generated passwords? #4

Open vext01 opened 9 years ago

vext01 commented 9 years ago

Do certain symbols cause issues? Do we want to give the user control over what symbols can appear in passwords? Discuss...

richlanc commented 9 years ago

I was going to argue for predefined character sets (simple -> alphanumerics, complex -> alphanumerics+special characters), but then you have to decide which special characters to include and there isn't a standard for this.

http://xkcd.com/936/ So... perhaps a selection of alphanumerics with a great enough length is secure enough? We could then provide the option to include provided special characters. This does have the obvious drawback in that the user will be unlikely to remember the password.

vext01 commented 9 years ago

I like the idea of predefined character sets. Let's default to complex though and if the user finds an annoying website, they can either use simple mode or manually tweak the generated password?

Truly pronounceable passwords are a further enhancement. You might be able to steal the algorithm from pwgen: http://sourceforge.net/p/pwgen/code/ci/master/tree/pw_phonemes.c

If we are in agreement, we should raise an issue bug for pronounceable passwords...
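
The trade-off discussed in this thread, as an added example that is not part of the issue and is not passout's own code: a generator with predefined "simple" and "complex" sets, a per-site exclusion list, and the length a simple password needs to match a complex one. The set names, function names and the particular special characters are assumptions made for illustration.

```python
import math
import secrets
import string

# Hypothetical set names following the thread's "simple"/"complex" split.
# The special characters chosen here are an assumption; the thread notes
# that there is no standard list.
CHARSETS = {
    "simple": string.ascii_letters + string.digits,
    "complex": string.ascii_letters + string.digits + "!#$%&*+-=?@^_",
}


def generate(length, mode="complex", exclude=""):
    """Return a random password drawn uniformly from the chosen set.

    `exclude` lets the user drop symbols that a particular site rejects.
    """
    alphabet = [c for c in CHARSETS[mode] if c not in exclude]
    if len(alphabet) < 2:
        raise ValueError("alphabet too small after exclusions")
    # secrets.choice draws from the OS CSPRNG without modulo bias.
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, mode="complex", exclude=""):
    """Entropy in bits of a uniformly random password of this shape."""
    size = len(set(CHARSETS[mode]) - set(exclude))
    return length * math.log2(size)


def equivalent_length(length, src="complex", dst="simple"):
    """Shortest `dst` password at least as strong as a `src` one of `length`."""
    target = entropy_bits(length, src)
    per_char = math.log2(len(CHARSETS[dst]))
    # Small epsilon guards against float noise when the ratio is an integer.
    return math.ceil(target / per_char - 1e-9)


if __name__ == "__main__":
    print(generate(20), round(entropy_bits(20), 1))
    # A 20-character complex password is matched by 21 simple characters.
    print(generate(equivalent_length(20), "simple"))
```

With these sets, dropping the symbols costs about 0.27 bits per character, so one extra character of length recovers the strength of a 20-character complex password.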