Handle obsolete/overeager password rules #23
Labels
enhancement
New feature or request
Comments
|
sounds reasonable to reuse the xor mask for this indeed |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Even if the user selects a certain subset of characters (such as uppercase letters), there's no guarantee that the password will actually contain at least n (usually 1) element from that subset. While not a security problem in itself, this presents a problem with obsolete/overeager password strength enforcement algorithms that expect to have n (usually 1, sometimes 2, etc.) character from each of their defined subset present within the password.
Although in some cases the "generate a new password" feature can be used with some luck to overcome this, it's poor UX and not guaranteed to work. Since RWD is already XORed with a (currently random, c.f. #11) string of bits, these could be altered upon user request to ensure the password contains one instance of each of the selected subsets. KeePassXC for example implements such a control with a checkbox "Pick characters from every group".
The text was updated successfully, but these errors were encountered: