"The horror of LessPass" #88
The interview went to says:
Understanding our mistakes
We use patterns to create passwords with complex rules like no consecutive vowels or can't start with a number.
We made two mistakes:
On Open Source
And for anyone who thinks they do well at first, or who thinks that Open Source does not help. On the contrary, we believe that nobody does well at first, and thanks to the community scrutiny and critical studies of the code, this kind of tool becomes more robust the longer it lives.
How It Feels
The video is obviously a setback for us, especially after the euphoric past week where we went from ~100 to 1600+ stars, but we are glad that people review our code in depth and this came up early on.
We will use the full alphabet in the next version by default. We will probably increase the default length of generated passwords.
So in the future, we will describe (with drawings) the future algorithm and its implementation. We will simplify the code to help everyone understand how it works. And we hope you will keep your eyes peeled for mistakes and stay critical of the code.
Hi @guillaumevincent, You'll probably have to devise a strategy for people to transition to the new algorithm from the previous one. So that they can still generate their previous password while being able to use the new algorithm (the typical scenario is for people wanting to change their password again using the new password).
If you think there is a better way, do not hesitate