> My evaluation is going well but I've just had an issue raised
> by our compliance people re the format of the pdf
> passwords. I've got the length and expire time set fine and
> assume that as the passwords are auto generated it's not
> likely to repeat them, but can you force upper/lower
> character mix and use of special characters as well
> (£$%&*@#? etc )?

The passwords are generated by a secure random generator. The number of bytes specified for the password length is the number of random bytes that is generated. From this random bit string a readable password is created. The conversion from random bit string to string is done with base32 encoding (http://en.wikipedia.org/wiki/Base32).

The main reason for using base32 encoding is that it's easier for humans to read the password:

"The alphabet was selected to avoid similar-looking pairs of different symbols, so the strings can be efficiently transcribed by hand. (For example, the symbol set omits the symbols for 1, 8 and zero, since they could be confused with the letters 'I', 'B', and 'O'.)"

This is important, for example, when the password will be delivered by SMS. The downside of base32 is that the character set is limited and the passwords are therefore longer if you want to have the same strength. As long as you make sure that the number of bytes used to generate the password is high enough, the password is strong enough. In other words, "the strength of the password is not determined on how it is displayed but on how it was generated".

Unfortunately the encoding can currently not be changed. I will add your request for this to the todo list.

Kind regards,

Martijn Brinkers

--
Djigzo open source email encryption
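
The scheme described in the reply above, as an added example that is not Djigzo's own code: random bytes from a CSPRNG are rendered as Base32, and the helper functions compare the resulting length with a uniformly random password over the 94 printable ASCII symbols at the same entropy. The RFC 4648 alphabet, the stripped padding and all function names are assumptions made for this illustration.

```python
import base64
import math
import secrets

# Assumption: RFC 4648 Base32 alphabet; the product's exact alphabet is not shown on the page.
BASE32_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
PRINTABLE_ASCII_SIZE = 94  # upper, lower, digits and punctuation


def generate_password(num_bytes: int) -> str:
    """Draw num_bytes from the OS CSPRNG and render them as unpadded Base32."""
    if num_bytes < 1:
        raise ValueError("num_bytes must be at least 1")
    raw = secrets.token_bytes(num_bytes)
    return base64.b32encode(raw).decode("ascii").rstrip("=")


def entropy_bits(num_bytes: int) -> int:
    """Entropy comes from the random bytes, not from how they are displayed."""
    return 8 * num_bytes


def base32_length(num_bytes: int) -> int:
    """Each Base32 symbol carries 5 bits, so round 8n/5 up."""
    return (8 * num_bytes + 4) // 5


def mixed_charset_length(num_bytes: int) -> int:
    """Length a uniformly random 94-symbol password needs for the same entropy."""
    return math.ceil(entropy_bits(num_bytes) / math.log2(PRINTABLE_ASCII_SIZE))


def compare(num_bytes: int) -> dict:
    """Summarise one generated password against the mixed-charset equivalent."""
    password = generate_password(num_bytes)
    return {
        "password": password,
        "entropy_bits": entropy_bits(num_bytes),
        "base32_chars": len(password),
        "mixed_charset_chars": mixed_charset_length(num_bytes),
    }


if __name__ == "__main__":
    for n in (8, 10, 16):
        print(n, compare(n))
```

With 16 bytes the Base32 password is 26 characters and carries 128 bits; a mixed-case password with special characters would need 20 characters for the same strength, which is the trade-off the reply describes.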
