Add a random password length option with minimal and maximal password length options; this ensures that one cannot guess the possible password length for generated passwords.
I prefer to use the longest password allowed, which is too often a paltry 8 characters. Even knowing the length is 16 characters makes a brute force attack extremely difficult.
cheers, Paul
Last edit: Paul 2015-10-08
The trade-off of sacrificing password strength by using password length as a secret is not worth it. Passwords must be as long as necessary to be infeasible to crack under the likely (or possible) attack scenarios. Once the password has reached that strength threshold, it is not necessary to lengthen it further.
For example, for passwords based on a really small character set such as digits (0-9) the strength of the entire set of passwords less than the target length is 11% of that of the selected password. If you consider the 4 digit pin, there are 10,000 possible 4 digit pins (0000-9999), but only 1110 possible passwords of 3 digits or less. The situation only gets worse as the character set gets larger.
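The arithmetic in the reply above, worked through as an added example that is not part of the original thread or of KeePass: it compares a fixed, known length against a length drawn at random from a range. The function names, the uniform choice of length, and the shortest-first search order are assumptions of this sketch.

```python
from fractions import Fraction

def shorter_fraction(charset: int, length: int) -> Fraction:
    """All passwords of 1..length-1 characters, relative to those of exactly `length`."""
    shorter = sum(charset ** k for k in range(1, length))
    return Fraction(shorter, charset ** length)

def expected_guesses_fixed(charset: int, length: int) -> Fraction:
    """Mean guesses against a uniformly random password whose length is known."""
    return Fraction(charset ** length + 1, 2)

def expected_guesses_random_length(charset: int, min_len: int, max_len: int) -> Fraction:
    """Mean guesses when the length is uniform in [min_len, max_len] and unknown.

    Assumed search order: every candidate of one length before any longer one,
    starting at min_len (the generator's bounds are settings, not secrets).
    """
    lengths = range(min_len, max_len + 1)
    total, tried_before = Fraction(0), 0
    for n in lengths:
        size = charset ** n
        # Work already spent on shorter lengths plus the mean position within this one.
        total += tried_before + Fraction(size + 1, 2)
        tried_before += size
    return total / len(lengths)

if __name__ == "__main__":
    # Constructed sample settings: (character set size, maximum length).
    for charset, max_len in [(10, 4), (26, 8), (94, 16)]:
        fixed = expected_guesses_fixed(charset, max_len)
        hidden = expected_guesses_random_length(charset, 1, max_len)
        print(f"charset={charset:3d} max_len={max_len:2d} "
              f"shorter/target={float(shorter_fraction(charset, max_len)):.4f} "
              f"hidden-length/fixed-length work={float(hidden / fixed):.4f}")
```

For the 4-digit case, a length drawn from 1 to 4 averages 1696.75 guesses against 5000.5 for a known length of 4, so the hidden length costs more search space than it protects.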
Duplicate of https://sourceforge.net/p/keepass/feature-requests/2012/