On Tue, Dec 20, 2016 at 02:29:01PM +0100, ilf wrote:
> Kjetil Torgrim Homme:
> > sometimes you have to enter passwords by hand
>
> If that's your use-case, it could be an option.
>
> But that shouldn't be the default. The default use of pass is for
> copy+paste.
>
> So by default, generated passwords should be high-entropy instead of
> meaningful and memorable.

Not sure these are the correct qualifications we're looking for. I have been in Kjetil's use case scenario multiple times, here's the conclusion:

* meaningful - not important
* memorable - not important
* readable - important
* lengthy - important

Is there a meaningful security difference between gibberish and a lengthy random human-readable word list sentence, with mixed-case and numbers and all? The famous XKCD illustration addressed this adequately for most purposes, no?
