Logged In: NO

Although it might seam to enhance the security of a
generated passwords, the feature described above does the
opposite. In general terms, the feature puts a constraint on
the password which effectively narrows down the key space.
For those of you not familiar to cryptography, key space
size (the number of possible keys/passwords) is essentially
what determines the level of security.

For instance, lets examine the effects of the mask described
above. Suppose we use a 25 character alphabet with 10
special characters. A non-restricted 10 letter password has
a ~61 bit key space. Adding the constraint that a password
must comply with the AAaannss mask narrows down the key
space to ~53 bit.

The only good reason for including this pseudo-security
feature in a serious security-oriented software is that some
sites require the passwords to follow a certain mask
(usually Aans). However, if we use at least 80 bit passwords
(14 characters in our example alphabet), which is required
for relatively good security in these days, the chance that
a random password does not comply with this mask is
considerably less than 50%. One could therefore regenerate a
couple of times (usually no more than once) until the
password matches the mask.

With all this being said, I would like to add that a more
feature rich password generator would certainly be
appreciated. Setting security level (bit size of key space),
allowed characters, and length (not all at once of cause)
would be welcome.

man@musiker.nu