Password quality meter is too optimistic for the estimated entropy
Description
The description and "quality meter" UI are overly optimistic for the password's entropy. For instance, a 9-letter password with an estimated entropy of 48 bits is qualified as "Weak" in KeePassXC, but "Very Good" in KeePassium.
How to reproduce
Steps to reproduce the behavior:
- Generate a short password in KeePassium's generator
- Paste the same password to KeePassXC's password generator
- Observe that KeePassium's qualitative description is much more optimistic than KeePassXC's
Expected behavior
KeePassium's description should be more realistic and similar to KeePassXC's.
Environment:
- Device: any
- OS: iOS 17
- App Version: 1.52.149
Additional context
Originally reported by @RTClarkV in https://github.com/keepassium/KeePassium/discussions/358
Originally posted by RTClarkV April 12, 2024
KeePassium is great, don't get me wrong. One problem: The password strength checker sucks. It says a 9 character long, 48 bit password is "very good" with the green bars maxed out. This is misleading and bad. I would never trust a password of 48 bits, much less consider it "very good." Please change this. ANY other password manager I've used in the past like KeePassXC, PassBolt, and StrongBox think that a 48 bit password is laughable. The "very good" password indication should only be reserved for passwords of at least 120 bits. I don't know how you guys messed up this tiny thing in your really awesome password manager. Is this flaw normal or did I mess some setting up?