Menu

#2044 Random password length option

KeePass
closed
nobody
None
5
2015-10-08
2015-10-08
No

Add random password length option with minimal and maximal password length options, this ensures, that one cannot guess possible password length for generated passwords.

Discussion

  • Paul

    Paul - 2015-10-08

    I prefer to use the longest password allowed, which is too often a paltry 8 characters. Even knowing the length is 16 characters makes a brute force attack extremely difficult.

    cheers, Paul

     

    Last edit: Paul 2015-10-08
  • wellread1

    wellread1 - 2015-10-08

    The trade-off of sacraficing password strength by using password length as a secret is not worth it. Passwords must be as long as necessary to be infeasible to crack under the likely (or possible) attack scenarios. Once the password has reached that strength threshold, it is not necessary to lengthen it further.

    For example, for passwords based on a really small character set such as digits (0-9) the strength of the entire set of passwords less than the target length is 11% of that of the selected password. If you consider the 4 digit pin, there are 10,000 possible 4 digit pins (0000-9999), but only 1110 possible passwords of 3 digits or less. The situation only gets worse as the the character set get larger.

     
  • Dominik Reichl

    Dominik Reichl - 2015-10-08
    • status: open --> closed
     

Log in to post a comment.

MongoDB Logo MongoDB