
#2012 Password Generator Random Repeat Between

KeePass
open
nobody
5
2017-09-13
2015-06-05
No

Can the repeat block {n} be extended to support {n..n}, which repeats the placeholder a random number of times between the 2 numbers?

The reason behind asking is, while entropy makes it harder for people to crack our passwords, if the cracker knows it's a KeePass database or KeePass standard generated password of 20 characters they can skip all tests up to 19 chars beforehand, which massively reduces the time required to break it. Or at least allows them to try and shortcut the crack.

Discussion

  • wellread1

    wellread1 - 2015-06-05

    > if the cracker knows it's a KeePass database or KeePass standard generated password of 20 characters they can skip all tests up to 19 chars beforehand

    That's true

    > which massively reduces the time required to break it.

    That's not true.

    The total number of possible passwords of length <N is usually not greater than ~11% of the number of passwords of length N. For example the total number of single and double digit passwords is: 110; versus the number of triple digit passwords: 1000.

    The relative size of the set of all shorter passwords decreases significantly for passwords based on larger character sets.

     

    Last edit: wellread1 2015-06-05
  • Shaun Forsyth

    Shaun Forsyth - 2015-06-05

    Ok, while I understand the point you have made, it would still be a nice feature to have.

     
  • wellread1

    wellread1 - 2015-06-05

    I don't really see the value. If a password with length L is adequate, then a password of length L+1 is not necessary. If one is uncertain whether length L is adequate, then one should choose a longer password.

     
  • James Smith

    James Smith - 2017-09-13

    Having the option to generate a random number of characters from a set is extremely useful. For example, let's say you need to generate the local-part of an alias email address and you want to use all characters allowed by a certain mail system.

     
  • wellread1

    wellread1 - 2017-09-13

    If you want to use all characters allowed by a certain mail system, then specify that only those characters be used in the password (email address) generator profile.

    For example if you wanted to use only lowercase alphanumerics in your alias and you wanted an eight character subaddress (e.g. a{8}) for the email address happygolucky@gmail.com, then the profile:

    \h\a\p\p\y\g\o\l\u\c\k\y\+a{8}\@\g\m\a\i\l\.\c\o\m
    

    would generate email addresses like:

    happygolucky+8t4k7asb@gmail.com
    

    Allowing the length of the subaddress to be less than the maximum allowed length adds complexity for the user and reduces the amount of work relative to searching the maximum length subaddress space. This is because allowing variable, shorter-than-maximum-length subaddresses creates an optimal search strategy (i.e. search for shorter subaddresses first).

     

    Last edit: wellread1 2017-09-13
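
The two counting arguments made in this thread, worked through as an added example (not part of the original discussion and not KeePass code). It assumes the requested {n..m} would draw the length uniformly from n..m and each character uniformly from the set; the function names are illustrative.

```python
from fractions import Fraction


def shorter_fraction(charset: int, length: int) -> Fraction:
    """Passwords of length 1..length-1 as a fraction of those of exactly `length`."""
    shorter = sum(charset ** k for k in range(1, length))
    return Fraction(shorter, charset ** length)


def expected_guesses_fixed(charset: int, length: int) -> Fraction:
    """Mean guesses to hit a uniformly chosen password of known, fixed length."""
    return Fraction(charset ** length + 1, 2)


def expected_guesses_variable(charset: int, lo: int, hi: int) -> Fraction:
    """Mean guesses, searching shortest-first, when the length is uniform in lo..hi.

    Assumed semantics for {lo..hi}: a password of length L has probability
    1 / ((hi - lo + 1) * charset**L), so each shorter password is more likely
    than each longer one and shortest-first is the best guessing order.
    """
    p_len = Fraction(1, hi - lo + 1)
    already_tried = 0
    total = Fraction(0)
    for length in range(lo, hi + 1):
        block = charset ** length
        # Inside one length block the target is uniform: mean position (block+1)/2.
        total += p_len * (already_tried + Fraction(block + 1, 2))
        already_tried += block
    return total


if __name__ == "__main__":
    # The digits example from the thread: 110 shorter vs 1000 three-digit passwords.
    print("digits, N=3:", float(shorter_fraction(10, 3)))
    # A larger set (62 alphanumerics) at the 20 characters mentioned in the ticket.
    print("alnum, N=20:", float(shorter_fraction(62, 20)))
    fixed = expected_guesses_fixed(62, 20)
    variable = expected_guesses_variable(62, 8, 20)
    print("variable 8..20 vs fixed 20, work ratio:", float(variable / fixed))
```
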
