You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This option on the website:
"case_transform": "ALTERNATE"
...should randomize first word and then alternate word case thereafter.
According to this change: https://github.com/bbusschots/hsxkpasswd/releases/tag/v3.3.1
"The ALTERNATE case transform now randomises the case of the first word, and then alternates from there. This adds a little more entropy, and makes more sense than having it always be the same IMO."
Observed:
Instead, the first word is always lower case, second always UPPER case, third always lower case
Other observations:
Website indicates it is powered by old version.
Website: "This site is powered by the XKPasswd.pm Perl Module"
Github indicates latest version should be
Crypt-HSXKPasswd-v3.5 released ]on Aug 10, 2015
Crypt-HSXKPasswd-v3.6 released ]on Aug 11, 2015
Issue Entropy calculation on website doesn't match tool #32 "Entropy calculation on website doesn't match tool"
Probably resolved with 2015 BETA3 release:
"There was a subtle error in how the entropy was calculated for the worst-case scenario (where attackers know both the configuration and word source used). Unfortunately the bug caused the module to overestimate the entropy. Because if this, some presets had to be altered after the bug was fixed to keep them below the entropy warning thresholds. This proved impossible for the WEB16 preset, so it has now issues a warning in the same way the NTLM preset does."
The text was updated successfully, but these errors were encountered:
Expected:
This option on the website:
"case_transform": "ALTERNATE"
...should randomize first word and then alternate word case thereafter.
According to this change:
https://github.com/bbusschots/hsxkpasswd/releases/tag/v3.3.1
"The ALTERNATE case transform now randomises the case of the first word, and then alternates from there. This adds a little more entropy, and makes more sense than having it always be the same IMO."
Observed:
Instead, the first word is always lower case, second always UPPER case, third always lower case
Other observations:
Website indicates it is powered by old version.
Website: "This site is powered by the XKPasswd.pm Perl Module"
Github indicates latest version should be
Crypt-HSXKPasswd-v3.5 released ]on Aug 10, 2015
Crypt-HSXKPasswd-v3.6 released ]on Aug 11, 2015
Issue Entropy calculation on website doesn't match tool #32 "Entropy calculation on website doesn't match tool"
Probably resolved with 2015 BETA3 release:
"There was a subtle error in how the entropy was calculated for the worst-case scenario (where attackers know both the configuration and word source used). Unfortunately the bug caused the module to overestimate the entropy. Because if this, some presets had to be altered after the bug was fixed to keep them below the entropy warning thresholds. This proved impossible for the WEB16 preset, so it has now issues a warning in the same way the NTLM preset does."
The text was updated successfully, but these errors were encountered: