Password generator: Random number of special characters and numbers

Hi.

Why doesn't the password generator allow the generation of a random number of special characters and numbers in my password? Wouldn't this increase the entropy of my password?

Thanks for your answer.
Anonymous


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Or in other words: Can numbers and special characters added to the password through the password generator lower the entropy of the password?

    Let me make an example:
    Let's say we have a password that is 4 characters long:
    Entropy with only lowercase letters: log2(26^4)=18.8
    Entropy with one number: log2(410262626)=19.4
    Entropy with two numbers: log2(610102626)=18.6
    Entropy with three numbers: log2(426101010)=16.7
    Entropy with only numbers: log2(10^4)=13.3
    Entropy with random (0-4) number of numbers in the password: log2(36^4)=20.7

    Is this math correct or die I make a mistake?

    Thanks for your answer. :-)

  • brentybrenty

    Team Member

    Why doesn't the password generator allow the generation of a random number of special characters and numbers in my password?

    @anonymous20283u90234: It isn't necessary to produce a strong password. However...

    Wouldn't this increase the entropy of my password?

    Yes, and it's likely something we'll be doing in the future as we develop future versions to be more consistent across platforms. The new Windows app takes this approach.

    Or in other words: Can numbers and special characters added to the password through the password generator lower the entropy of the password?

    Your calculations look right to me, but don't quote me on that as it is past my bedtime. ;)

    The thing with entropy is that it is not really valuable for things that are not random. So if you're manually adding characters, while theoretically this is better than not doing so, it's important that we assume an attacker trying to guess your password is smart, and has done their homework to understand how your password was created, even if they do not know what it is. That can allow them to waste less time guessing password that are unlikely to be produced by the method you're using. I apologize that this explanation (and paragraph) is a bit of a mess. Let me know if you have any questions. :lol: l

  • Hi @brenty

    Thanks for your detailed answer. :-)

    Yes, and it's likely something we'll be doing in the future as we develop future versions to be more consistent across platforms. The new Windows app takes this approach.

    Cool, I'm looking forward to it.

    The thing with entropy is that it is not really valuable for things that are not random. So if you're manually adding characters, while theoretically this is better than not doing so, it's important that we assume an attacker trying to guess your password is smart, and has done their homework to understand how your password was created, even if they do not know what it is. That can allow them to waste less time guessing password that are unlikely to be produced by the method you're using.

    I understand that. And that's why it's so important to me that a random number of symbols and numbers is possible. With a password with a length of 50 or more characters, it is no problem if the given number of symbols and numbers does not maximize the entropy. The situation is different for passwords, which must be short, because the website only allows a limited number of characters.

    Have a nice day. :-)

    Kind regards,
    Anonymous

  • brentybrenty

    Team Member

    Excellent points! I can't say when exactly we'll be rolling out changes to the password generator across all of the apps, but it's definitely on our radar. Cheers! :)

  • brentybrenty

    Team Member

    ;) :+1:

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file