-
-
Notifications
You must be signed in to change notification settings - Fork 321
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
"The horror of LessPass" #88
Comments
Hi @guillaumevincent, You'll probably have to devise a strategy for people to transition to the new algorithm from the previous one. So that they can still generate their previous password while being able to use the new algorithm (the typical scenario is for people wanting to change their password again using the new password). |
Hi @abe33 here is the strategy we discuss with @edouard-lopez :
If you think there is a better way, do not hesitate |
I close the new version is online |
The interview went to says:
The Horror of LessPass - TWiT Netcast Network
Understanding our mistakes
We use patterns to create passwords with complex rules like no consecutive vowels or can't start with a number.
We made two mistakes:
masterpassword
algorithm. We misunderstood and took for granted what we read.cvCVns
as template by default (c
onsonms,v
owels, etc.) instead of a more random one asx
(full characters set).On Open Source
And for anyone who thinks they do well at first, or who think that Open Source does not help. On the contrary, we believe that nobody does well at first, and thanks to the community scrutinity and critical studies of the code, this kind of tool becomes more robust the longer it lives.
How It Feels
The video is obviously a setbacks for us, especially after the euphoric past week where we went from ~100 to 1600+ stars, but we are glad that people review our code in depth and this came up early on.
Actions
We will use the full alphabet in the next version by default. We will probably increase the default length of generated passwords.
So in the future, we will describe (with drawings) the future algorithm and its implementation. We will simplify the code to helps everyone understand how it works. And we hope you will keep your eyes peeled for mistakes and stay critical to the code.
Best ❤️
The text was updated successfully, but these errors were encountered: