
Entropy calculation on website doesn't match tool

Open dgrant opened this issue 7 years ago • 1 comments

The following config says 61 bits with full-knowledge on https://xkpasswd.net/ but when I run locally I get:

WARNING - Crypt::HSXKPasswd::_update_entropystats_cache(): for attacks assuming full knowledge, the combination of the loaded config and dictionary produces an entropy of 33bits, below the minimum recommended 52bits at /usr/local/bin/hsxkpasswd line 448

{
"num_words": 3,
"word_length_min": 4,
"word_length_max": 8,
"case_transform": "RANDOM",
"separator_character": "-",
"padding_digits_before": 0,
"padding_digits_after": 0,
"padding_type": "NONE"
}

dgrant Jun 29 '17 22:06

Seems to be that if you choose case_transform: RANDOM, you get double the entropy, when you should really only get num_words more bits of entropy. XKCD config should be 44 bits, not 80 bits.

frei0 Oct 23 '17 23:10
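An added example, not code from the issue or from Crypt::HSXKPasswd: it computes full-knowledge entropy under the model the comment above describes (one extra bit per word for RANDOM case) and checks the formula by enumerating every password a tiny constructed word list can produce. The function names, the toy word list and the dictionary sizes are assumptions; the real dictionary size after length filtering is not given on this page.

```python
import itertools
import math

# Config as posted in the issue.
ISSUE_CFG = {
    "num_words": 3, "word_length_min": 4, "word_length_max": 8,
    "case_transform": "RANDOM", "separator_character": "-",
    "padding_digits_before": 0, "padding_digits_after": 0,
    "padding_type": "NONE",
}
# Constructed toy dictionary (8 words = 3 bits per word), for the check only.
TOY_WORDS = ["able", "bird", "cave", "dune", "echo", "fern", "gate", "hill"]

def full_knowledge_bits(cfg, dict_size):
    """Bits of entropy when the attacker knows the config and the word list.

    Assumed model: words are drawn independently and uniformly from the
    dict_size words left after length filtering; RANDOM case makes each word
    all-upper or all-lower (1 bit per word); each padding digit is uniform
    over 0-9; a fixed separator contributes nothing.
    """
    n = cfg["num_words"]
    bits = n * math.log2(dict_size)
    if cfg["case_transform"] == "RANDOM":
        bits += n  # one binary choice per word, not a doubling of the total
    digits = cfg["padding_digits_before"] + cfg["padding_digits_after"]
    return bits + digits * math.log2(10)

def enumerated_bits(cfg, words):
    """Brute-force cross-check: log2 of the number of distinct passwords."""
    if cfg["case_transform"] == "RANDOM":
        variants = [v for w in words for v in (w.lower(), w.upper())]
    else:
        variants = list(words)
    b, a = cfg["padding_digits_before"], cfg["padding_digits_after"]
    seen = set()
    for combo in itertools.product(variants, repeat=cfg["num_words"]):
        core = cfg["separator_character"].join(combo)
        for pad in range(10 ** (b + a)):
            s = f"{pad:0{b + a}d}" if b + a else ""
            seen.add(s[:b] + core + s[b:])
    return math.log2(len(seen))

if __name__ == "__main__":
    print("toy formula   :", full_knowledge_bits(ISSUE_CFG, len(TOY_WORDS)))
    print("toy enumerated:", enumerated_bits(ISSUE_CFG, TOY_WORDS))
    xkcd = dict(ISSUE_CFG, num_words=4, case_transform="NONE")
    print("4 words, 2048-word list, no case:", full_knowledge_bits(xkcd, 2048))
```

Under this model, turning on RANDOM case for a four-word, 2048-word-list config moves the figure from 44 to 48 bits, which is the "num_words more bits" behaviour the comment expects.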