In-reply-to » Q: Are passphrases really more secure than cryptographically random passwords? 🤔

@retrocrash@twtxt.net yep, I was going to share the BIP-39 spec, thanks for pointing it out. A regular passphrase, like taking a random quote from a book, is not ideal, perhaps the equivalent of using ‘password123’.

I switched from using long random passwords like qayxTW7rr8T95V8b8ZHV4QMHcaTssVqDwEEr3Hzr to Ream4-Cope-Daringly-Waving-Likeness-Urchin-Arise

They are easier to type, and have similar entropy (if used correctly)

As @retrocrash@twtxt.net says, the real problem is with allowed_chars <= 50 even for long passwords or simpler passphrases, which is stupid since the hashed password uses the same amount of chars. Perhaps allowing up to 100 or 200 chars is good enough, and maybe rejecting some special characters like emojis, no idea.
