#PSA: The latest release of #pass 1.7.2 fixed a fairly major security hole: In prior versions, if an attacker could write to your ~/.password-store directory, they could exploit a bug in pass' regex to add a new GPG key, potentially granting access to the passwords.
Though rare, it's worth updating ASAP.
@Wolf480pl @firstname.lastname@example.org Yes, the current pass-gen default dictionary is bigger than 256 words—it's 8,429 :D
So (since the search space grows exponentially) to get the same/better security you'd need 10 words. Would `st?UY?ld?ST?le?DT?ay?PO?tg?LD?507` still be easier to type?
Maybe it would, but I'd think it'd be harder to say and up the odds of typos.
Nevertheless, it's worth thinking about how pass-gen could support the use of mnemonics. I'll put some thought into it for a future version.
is still easier to type I think.
If I want to say it, I say the full words, not just the letters that I type.
Also, I'll probably never want to say it aloud, because then someone other than me could hear it :P
Also, once it's easier to get such a password into muscle memory than it is with a password containing full words.
@Wolf480pl @email@example.com Hmm, our muscle memory must work differently! I have a much easier time typing out full words that are part of my normal vocabulary than I do typing out (even short) strings of characters that don't form words.
In any event, you've convinced me to add support for some sort of mnemonic-based system. I'll let you know when I've added it.