You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The following comment was made in the Android Market: "Works as described, but
I can't select required parameters like: must be 6-8 characters, contain at
least 2 letters and 2 numbers."
The length restriction is technically a non-issue; if a minimum and maximum
length is set by the service you wish to authenticate with, simply set the
Length Restriction field to the maximum value (in this case, 8) and the
requirement should be met.
However, there is nothing in Cryptnos to enforce rules for more detailed
character requirements, aside from the general options listed under Character
Restrictions. In other words, there is no way to specify "at least 2 letters
and 2 numbers". For this specific example, it is likely not an issue; Cryptnos
passwords are Base64-encoded data, so it is statistically unlikely that a
password will be generated with zero or one of these specific character
classes. Likewise, Base64 data is mixed case, so it is unlikely that a password
would be generated with only one case (i.e. all lowercase or all uppercase).
There are two symbols in Base64 (in our case, the plus sign and forward slash),
which may statistically be less likely to appear than alphanumerics, but it is
still unlikely that an 8-character password wouldn't contain at least one.
Still, I look at this comment as a request and I'll treat it as such. This will
be a complex one, because it would require logic, UI, storage, and
import/export changes. It would also require changes to Cryptnos for Windows
for the two apps to remain in sync. I'll have to think about whether or not to
implement this one, and I'll leave it open for a while for commenting.
This is, of course, easy enough to work around without modifying the
application. If a specific combination of site token and master password does
not meet these requirements, slightly changing one or the other will generate a
vastly different password that probably will. Choosing the most inclusive
Character Restriction setting ("All generated characters") will ensure the
greatest likelihood of meeting the requirement. If you feel strongly about the
site token and master password used, incrementing the Hash Iterations setting
will generate something new that is also very probable to meet the requirement.
Since site token, character restrictions, and hash iterations are all saved
with your parameter data, only changes to the master password require extra
effort on the part of the user.
Original issue reported on code.google.com by jeff.darlington@gmail.com on 4 Aug 2010 at 6:42
The text was updated successfully, but these errors were encountered:
Restated this issue and added a few additional comments in the following blog
post:
http://www.cryptnos.com/2010/08/04/more-specific-character-restrictions/
The more I think about this issue, the more I think that it's not really within
the scope of Cryptnos. I think the workarounds listed, especially incrementing
the hash iterations, will be more than sufficient to work around the
"deficiency" in settings. The addition of so many extra parameters really
creates a lot of extra work to implement this, especially since the workarounds
are non-intrusive and easy to implement. Still, I'm going to leave this open
for comment a little while longer. If I get a lot of positive feedback for this
feature, I'll add it; otherwise, I'll close this with a "wontfix" tag.
Original comment by jeff.darlington@gmail.com on 16 Aug 2010 at 2:57
Original issue reported on code.google.com by
jeff.darlington@gmail.com
on 4 Aug 2010 at 6:42The text was updated successfully, but these errors were encountered: