Ignore repeat characters in "Also choose from" in Password Generator #9797
Comments
Does this happen if you uncheck "pick from every group"? That setting is actually a degrader in password quality and is why it's disabled by default. Same with exclude look alikes. So you are technically getting what you explicitly asked for.
"Also choose from" takes your request quite literally. It will choose from any character entered into the field. If you increase the a priori probability of a character by repeating it multiple times, it will be more likely to end up in the password as well. We could avoid this by reducing the input to only unique characters to ensure they all have the same probability of being picked. On the other hand, if you decide to enter such a ridiculous string into the field, then you kind of get what you asked for.
I'd be in favor of either explicitly preventing duplicates in the choose from field or implicitly ignoring/collapsing them.
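The effect discussed in the two comments above, as an added example that is not part of the thread and is not KeePassXC source code. It assumes a simplified model in which each password character is drawn uniformly from the pool string, and compares the entropy per character before and after collapsing repeats; the function names and the sample pool are constructed for illustration.

```cpp
// Added illustration, not KeePassXC code. Model assumption: every password
// character is one uniform random draw from the pool string.
#include <cmath>
#include <cstddef>
#include <iostream>
#include <map>
#include <string>
#include <unordered_set>

// Shannon entropy (bits) of one draw from `pool`. A character entered k times
// is picked with probability k / pool.size(), so repeats skew the result.
double bitsPerChar(const std::string& pool) {
    if (pool.empty()) return 0.0;
    std::map<char, std::size_t> counts;
    for (char c : pool) ++counts[c];
    double bits = 0.0;
    for (const auto& kv : counts) {
        const double p = static_cast<double>(kv.second) / pool.size();
        bits -= p * std::log2(p);
    }
    return bits;
}

// Collapse repeats, keeping the first occurrence of each character in order,
// so that every remaining character is equally likely to be picked.
std::string uniqueChars(const std::string& pool) {
    std::unordered_set<char> seen;
    std::string out;
    for (char c : pool)
        if (seen.insert(c).second) out.push_back(c);
    return out;
}

int main() {
    // Constructed input: lowercase letters plus '!' typed 74 times.
    const std::string pool =
        std::string("abcdefghijklmnopqrstuvwxyz") + std::string(74, '!');
    const std::string deduped = uniqueChars(pool);
    std::cout << "raw pool:     " << pool.size() << " entries, "
              << bitsPerChar(pool) << " bits/char\n";
    std::cout << "deduped pool: " << deduped.size() << " entries, "
              << bitsPerChar(deduped) << " bits/char\n";
    return 0;
}
```

With this constructed pool, '!' is drawn 74% of the time and a character carries about 2 bits; after collapsing, the 27 distinct characters are equally likely and each carries log2(27) bits.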
When "pick from every group" and "look alikes" are unchecked, the password generator does not generate strong passwords. I believe this is because the input fields are probabilistic, but this is not mentioned anywhere in the documentation at https://keepassxc.org/docs/KeePassXC_UserGuide#_password_generator or the user interface. I propose updating the documentation to reflect this behavior.
The issue is always there. Pick from every group only makes it worse.
Overview
I noticed that if I put too many characters in the password generator feature titled "Also choose from", the quality of the generated password gets weak. In fact, the password is composed of one character from each character set and filled with the one character given multiple times in the field "Also choose from".
Steps to Reproduce
Expected Behavior
I expect that the generated password quality should not be vulnerable when given this "bad" input in the field "Also choose from".
Actual Behavior
Actually, the generated password quality is dependent on the input given in "Also choose from". If the input contains the same character multiple times, then the password quality tends to be weak.
Context
I was generating a password for a website that doesn't explicitly share its password policy. Therefore I was trying to generate a secure and valid password using the field "Also choose from", but without success. See the website in question:
https://tickets.monuments-nationaux.fr/fr-FR/mon-compte
KeePassXC - Version 2.7.6
Revision: dd21def
Qt 5.15.10
Debugging mode is disabled.
Operating system: Windows 10 Version 2009
CPU architecture: x86_64
Kernel: winnt 10.0.19045
Enabled extensions:
Cryptographic libraries:
Operating System: Windows 10 Pro