The description and "quality meter" UI are overly optimistic for the password's entropy. For instance, a 9-letter password with estimated entropy of 48 bits is qualified as "Weak" in KeePassXC, but "Very Good" in KeePassium.
How to reproduce
Steps to reproduce the behavior:
1. Generate a short password in KeePassium's generator
2. Paste the same password to KeePassXC's password generator
3. Observe that KeePassium's qualitative description is much more optimistic than KeePassXC's
Expected behavior
KeePassium's description should be more realistic and similar to KeePassXC's.
Originally posted by RTClarkV April 12, 2024
KeePassium is great, don't get me wrong. One problem: The password strength checker sucks. It says a 9 character long, 48 bit password is "very good" with the green bars maxed out. This is misleading and bad. I would never trust a password of 48 bits, much less consider it "very good." Please change this. ANY other password manager I've used in the past like KeePassXC, PassBolt, and StrongBox think that a 48 bit password is laughable. The "very good" password indication should only be reserved for passwords of at least 120 bits. I don't know how you guys messed up this tiny thing in your really awesome password manager. Is this flaw normal or did I mess some setting up?
Additional context
Originally reported by @RTClarkV in #358