I'd like to add that it may be useful for administrators of e.g. company pass stores to be able to determine the length of the password of a user without having to know the password. That way, the administrator can inform the users that their passwords are likely not following good practices (any more).
In any case, I agree it should be clearly documented. The fact that some services allow only ridiculously short passwords can't be mitigated in pass though. The attacker can just look up what the maximal password length is for the service without even looking at pass. In fact, if I was an attacker, that's the first thing I'd do before spending any cycles at brute-forcing: Checking out the max password lengths of the services I found in your pass wallet.

On 24/02/17 00:29, Marin Usalj wrote:
> I think I agree with Thibault on 1 - there are some sites that just
> don't allow big enough passwords, and some places are still using PIN
> codes (like certain airlines).

_______________________________________________
Password-Store mailing list
[email protected]
https://lists.zx2c4.com/mailman/listinfo/password-store
