Password entropy is weaker on KeepassDX in comparison to KeepassXC #1373

Closed
pinckpockett opened this issue Aug 3, 2022 · 2 comments

Comments

@pinckpockett

When using the password generator to generate a password, the entropy is weaker compared to KeepassXC.

For example, I generated a password of length 30 with numbers, letters, -, _, special characters and some of the other options. I got an entropy in the 300-320 bit range on KeepassXC.

I chose the same options on KeepassDX and my entropy was in the 190-210 bit range.

You can replicate this by choosing the exact same options on both KeepassXC and KeepassDX, then making the password length 25 or higher.
I haven't tried with shorter lengths because I don't generate shorter lengths than that. But the same will probably apply.
The entropy will be a lot weaker on KeepassDX.
Is there a reason for this?
Can it be fixed or is it a mobile thing?

@J-Jamet
Member

J-Jamet commented Aug 4, 2022


The entropy is not calculated by KeePassDX but by the automatic generation library Nbvcxz.

You can compare the calculation methods from the library code and from KeePassXC to see what the differences are. Personally, as long as there is an order of magnitude, even if the calculation is less permissive on KeePassDX, I don't have a problem, because it encourages generating larger passwords.

Edit: Also, to compare, putting the same options is not enough because of the randomness: the generated password will not be the same, so it obviously will not have the same entropy. It is necessary to copy the same password into the two entropy calculators.

@J-Jamet J-Jamet changed the title password generator entropy is noticeably weaker on KeepassDX in comparison to KeepassXC Password generator entropy is weaker on KeepassDX in comparison to KeepassXC Aug 4, 2022
@J-Jamet J-Jamet changed the title Password generator entropy is weaker on KeepassDX in comparison to KeepassXC Password entropy is weaker on KeepassDX in comparison to KeepassXC Aug 4, 2022
@pinckpockett
Author

Thank you for informing me on the entropy issue.

> Edit: Also, to compare, putting the same options is not enough because of the randomness: the generated password will not be the same, so it obviously will not have the same entropy. It is necessary to copy the same password into the two entropy calculators.

I followed what you said.

First, I generated a password on KeepassXC:
Îüâãvw4Ë÷%é$ÍÓ3fã7ÝåÖ)_´dtª[þrÙ½Â

The entropy was 383.19 bit

I pasted that same password into the password generator on KeepassDX.

The entropy was 189.62 bit

So KeepassDX is more strict, afaik.

I have learned a few things from this experience so that is a plus.

Thanks for taking the time to reply to my post. I will be closing it now.
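
Added example (not part of the thread, and not code from KeePassDX, Nbvcxz or KeePassXC): the sketch below illustrates the two effects discussed above. A generator's entropy is fixed by its options, while an estimator that only sees the string infers a pool from it, so passwords from the same options score differently and two estimators with different models disagree on the same string. The class table, `EXTENDED_POOL` and both estimator models are assumptions made for illustration.

```python
import math
import string

# Assumed character classes; real estimators use their own tables and
# also match dictionary words, keyboard walks, dates and repeats.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]
EXTENDED_POOL = 96  # assumed credit for any non-ASCII character


def _bits(draws, pool):
    """draws * log2(pool), with 0.0 for an empty password (pool == 0)."""
    return draws * math.log2(pool) if pool else 0.0


def generation_entropy(length, pool_size):
    """Bits of a uniformly random password: set by the options alone."""
    return _bits(length, pool_size)


def inferred_pool(password):
    """Pool size guessed from the character classes present in the string."""
    pool = sum(len(cls) for cls in CLASSES
               if any(ch in cls for ch in password))
    if any(ord(ch) > 127 for ch in password):
        pool += EXTENDED_POOL
    return pool


def estimate_per_char(password):
    """Hypothetical estimator A: one pool draw per Unicode code point."""
    return _bits(len(password), inferred_pool(password))


def estimate_per_byte(password):
    """Hypothetical estimator B: one pool draw per UTF-8 byte."""
    return _bits(len(password.encode("utf-8")), inferred_pool(password))


if __name__ == "__main__":
    # Constructed samples: the first two could both come from the same
    # 94-symbol, 8-character options; the third adds non-ASCII characters.
    for pw in ["kT7#vRq2", "mqzkrwtp", "pÿ9é"]:
        print(f"{pw!r}: pool={inferred_pool(pw)} "
              f"A={estimate_per_char(pw):.2f} B={estimate_per_byte(pw):.2f}")
    print(f"generator, 8 of 94: {generation_entropy(8, 94):.2f}")
```

For ASCII-only input the two models agree; they diverge only once multi-byte characters appear, which is one way two tools can report different values for an identical password.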
