Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Default to four words with no padded digits? #1

Closed
hugovk opened this issue Apr 29, 2021 · 6 comments
Closed

Default to four words with no padded digits? #1

hugovk opened this issue Apr 29, 2021 · 6 comments
Assignees
@adambirds

Comments

@hugovk
Copy link

hugovk commented Apr 29, 2021

Nice generator!

Is the idea of xkcd 939 to use words and avoid numbers?

So should the defaults be the same as -n 4 --no-padding-digits?

$ xkcd-pass
PrudeMummifiedSuing11
$ xkcd-pass -n 4 --no-padding-digits
TwisterSynopsisStylizedOutthink

(And maybe even default to all lower case?)

Also --min MIN_LENGTH ("Generate passphrases containing at least MIN_LENGTH words") doesn't appear to work, unless I'm misunderstanding something:

$ xkcd-pass --min 4 --no-padding-digits
CertaintyOperationRemorse

Thanks!
@adambirds
Copy link
Owner

Thanks for the input @hugovk

I'm certainly happy to set the default of 4 words, but I would like to keep digits as default. The main reason being whilst this is inspired by XKCD 936, its not an exact remake and the inclusion of numbers and the capitals increases the bits of entropy of the password considerably and makes it more compatible with most services out there that require at least 1 lowercase, uppercase and digit in the password. Setting the default to lowercase and no numbers would reduce its easiness of use with most services.

With regards to the --min, the default wordfile used only includes words between 5 and 9 characters. So setting the --min of 4 will include the entire wordlist. Setting the --min to 7, would only includes words of 7,8, and 9 characters. The same also counts for --max, setting it to 10 would also include the entire wordlist. I think this is explained in README.md but I think this is reasonable to add into xkcd-pass --help at least to explain for the default wordfile eff-long.

@adambirds adambirds self-assigned this Apr 29, 2021
@hugovk
Copy link
Author

hugovk commented Apr 29, 2021

Okay, thanks for the explanation.

I completely misunderstood --min and --max and thought they applied to the number of words, not the character length of individual words.

Perhaps something like this is clearer?

-Generate passphrases containing at least MIN_LENGTH words.
+Generate passphrases containing words of at least MIN_LENGTH characters.

@adambirds
Copy link
Owner

adambirds commented Apr 29, 2021
edited
Loading

Yes, that's certainly an improvement, do you want to submit a PR for it? If not happy to do it myself.

This was referenced Apr 29, 2021
Closed
Closed
adambirds added a commit that referenced this issue Apr 29, 2021
@adambirds
defaults: Update numwords to 4 as default.
88b94df 
Fixes #3.
Fixes part of #1.
@adambirds adambirds mentioned this issue Apr 29, 2021
Merged
adambirds added a commit that referenced this issue Apr 29, 2021
@adambirds
defaults: Update numwords to 4 as default.
5244ff8 
Fixes #3.
Fixes part of #1.
@adambirds
Copy link
Owner

I've made these changes, these will be pushed as 1.0.8 in the next day or two. Thanks @hugovk

@adambirds
Copy link
Owner

adambirds commented May 1, 2021
edited
Loading

@hugovk 1.0.9 is out now. Had issues with 1.0.8. You can update with pip install xkcd-pass -U

@hugovk
Copy link
Author

hugovk commented May 1, 2021

Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@adambirds adambirds

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@hugovk @adambirds