Is there a way to have a recipe that include how many capital letters are included?

Options
gunfus
gunfus
Community Member
in Lounge

When using the "word generation" I want to say how many Capital letter to generate.. right now it doesn't generate any.

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:Is there a way to have a recipe that include how many capital letters are included?

Comments

  • Ben
    Ben
    Options

    Hi @gunfus,

    You're correct: our 'words' password generator is based on diceware which does not include any capital letters. If you're looking for more customization as far as X of this, and Y of that, the 'character' password generator may be a better solution. Alternatively you can replace some of the letters generated by 1Password with capitals, or other characters.

    I hope that helps. Should you have any other questions or concerns, please feel free to ask.

    Ben

  • jpgoldberg
    jpgoldberg
    1Password Alumni
    Options

    I can't promise that all of these will be exposed to users as an option, but internally the "new" password generator allows for a number of capitalization schemes.

    // Defined capitalization schemes. (Using strings instead of int enum
// to make life easier in a debugger and calling from JavaScript)
const (
    CSNone   CapScheme = "none"   // No words will be capitalized
    CSFirst  CapScheme = "first"  // First word will be capitalized
    CSAll    CapScheme = "all"    // All words will be capitalized
    CSRandom CapScheme = "random" // Some words (roughly half) will be capitalized
    CSOne    CapScheme = "one"    // One randomly selected word will be capitalized
)

    The underlying generator has far more knobs and options than are exposed to the user. Once this generator is used in instances of 1Password, we can make decisions of what capabilities to expose to users and how those should be presented. However, the password generator in 1Password X is a place where we are experimenting with newer presentations ahead of insisting on uniformity across platforms.

    But do keep in mind that just as there are options that would be useful to you (and perhaps not others), there will be options that are useful to others but not you. Our experience (and science, too!) shows that the more options you present, the more likely it is for people to get confused and discouraged. So I'm not promising that any of the currently unexposed capabilities of the underlying generator will see the light of day.

    A digression with some math

    It turns out that it is trickier to figure out what the additional strength of these generated passwords are under different schemes. "none", "all", and "first" add no entropy, but "one" and "random" appear to do so. It is easy to calculated the their additional entropy if each and every word on the word list has a distinct capitalization (as is the case with our word list). But it gets much harder if the wordlist contains items which can't be capitalized, such as "正確". Or perhaps a wordlist contains words that when capitalized turn into other words that are also on the list, such as a list containing both "Polish" and "polish".

    In these cases, the results of the password generator are non-uniform. And in such cases, we go with min-entropy, and so even the random capitalization schemes cannot be guaranteed to offer additional strength.

This discussion has been closed.