You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I think we should throw an error for a weak passphrase passed into the kbpgp key generation. We can validate password strength with zxcvbn. They define anything under a score of 2 to be somewhat guessable (guesses < 10^8) so I think its reasonable to error if the user provided passphrase is below this.
Note: this issue is solved in the upcoming PR #35, but I thought it best to document our decision here.
The text was updated successfully, but these errors were encountered:
On 4 June 2020 12:06:22 GMT+10:00, Robbie Cronin ***@***.***> wrote:
I think we should throw an error for a weak passphrase passed into the
kbpgp key generation. We can validate password strength with
[zxcvbn](https://github.com/dropbox/zxcvbn). They define anything under
a score of 2 to be somewhat guessable (guesses < 10^8) so I think its
reasonable to error if the user provided passphrase is below this.
Note: this issue is solved in the upcoming PR #35, but I thought it
best to document our decision here.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
#38
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
yeah it makes sense that this should just be a notification to the user on any kind of user interface we implement and the polykey key generation function should just be ignorant to the strength of the passphrase.
I think we should throw an error for a weak passphrase passed into the kbpgp key generation. We can validate password strength with zxcvbn. They define anything under a score of 2 to be somewhat guessable (guesses < 10^8) so I think its reasonable to error if the user provided passphrase is below this.
Note: this issue is solved in the upcoming PR #35, but I thought it best to document our decision here.
The text was updated successfully, but these errors were encountered: