Avoid ambiguous characters in generated passwords

Question

Avoid ambiguous characters in generated passwords

knutzk opened this issue 8 years ago · 3 comments

I found a couple of issues related to the randomString password generator of the app, but haven't found this one.

Unfortunately, the font that is used for the app makes some of the characters indistinguishable, e.g. capital i and lowercase l. This is not a problem for strings such as names or labels, but it can be quite confusing for passwords. If users set passwords themselves, they can simply avoid those characters, but it would be nice if the generated passwords did not contain any ambiguous characters or characters that are hard to distinguish. A non-exhaustive list:

capital i, lowercase l, (the number 1), vertical bar |
capital o, the number 0

As far as I can see, this would only be a little change in the list of used characters in Encryptr/src/app.js

I'd be happy to hear your opinions about this!

Answer 1 · 2016-12-21T04:46:36.000Z

+1 from me. No idea what happened. The original font wasn't like that I am sure. I have also had problems with this.

I'll make sure to fix it in the next release.

Answer 2 · 2016-12-21T08:59:09.000Z

That's great news, thanks! Of course, the other solution would be to switch to a font face where those characters can actually be distinguished (e.g. some monospaced fonts). But I guess this would be much more effort and might not fit the design of Encryptr very well.

Answer 3 · 2016-12-21T10:34:24.000Z

No no no... that's what I mean... I would change to a font that disambiguates those characters... not remove them from the entropy.