Option to exclude (font-/metric-dependent) uncountable characters
A lightweight and easy-to-use password manager
Brought to you by:
dreichl
Menu
▾
▴
#2664 Option to exclude (font-/metric-dependent) uncountable characters
In the password generator under the "Advanced" tab we have the option "Exclude look-alike characters". But there is a similar issue with characters whose repeated usage makes it not possible to reliable tell the passphrase anymore because you don't know how many occurences appeared. This issue appears with the characters -, _, space, =, and eventual . and : (and maybe others I'm not aware of yet) [1]. An example password that can't be reliable telled anymore would be "abc____________def--------------------------ghi" - including spaces in it would make it even much more harder to tell.
Such an option could also be under the "Advanced" tab of the password generator and requires an asterisk since it lowers the security of the password as well. The usage of such an option is possibly the same as for excluding look-alike characters: The password can be typed reliable if needed to for example if copy/paste is under some circumstances not an option.
[1] The first 3 characters have also its own characterset in the current password generator which I wonder if the reasong for it has to do with the reasoning of this ticket. If so, the requested option here under the "Advanced" tab would also allow to simplify that part of the password generator and evenually support https://sourceforge.net/p/keepass/feature-requests/2304/ better security-wise (dependent on the path chosen).
In that case, you might as well exclude every character, because - well, here are some more passwords that aren't easily "tellable":
!!!!!!!!!!!!!!!!!!!!!!!
iiiiiiiiiiiiiiiiiiiiiiiiiiiiii
mmmmmmmmmm
If you're just referring to the tendency for some characters to merge into a single line, well that's just a function of the font they're being displayed with. The underscore in most fonts is designed to merge like this, but the other symbols should be distinctly countable - difficult, yes, but countable.
The chance of more than two characters in a row is extremely small using a standard generator profile. If your profile causes this issue, change the profile.
cheers, Paul
I have thought about this more and yes, it probably should be limited to characters that are strictly uncountable, e.g. limiting it only to the underscore character for visible characters since it is the only one (I'm aware of) that usually merges pixel-perfect into its next one.
If I would request this feature today, I probably would imagine it as an option in the "Advanced" tab in the password generator called "Exclude hard to count characters (whitespaces, zero-width characters, _) *".