Aaron Toponce โš›๏ธMay 25, 2023

If I'm counting correctly, I see 16 Unicode horizontal white space characters.

#passwords

๐Ÿ˜

Show threadAaron Toponce โš›๏ธMay 25, 2023
This is tricky to verify I've implemented correctly.
Show threadAaron Toponce โš›๏ธMay 25, 2023

For example, here are some white space #passwords with 80-bits security. There are 16 white space characters to choose from of varying widths, which means each of these below are 20 characters long, wrapped in quotes:

- "โ€„ โ€‚โ€…โ€†โ€ƒ โ€ˆโ€„โ€Šโ€ƒโ€‡ โ€†โ€Šโ€‡โ€ƒ "
- " โ€ˆโ€†โ€„โ€‡โ€„ใ€€โ€„โ€‚โ€ˆโ€โ€€โ€ˆโ€‡โ€‚โ€‰โ€„โ€€โ€‡โ€†"
- "โ€ŠโŸ โ€‰โ€ˆโ€€โ€‚โ€…โ€‰โ€‰โ€†โ€‚โ€‰โ€†โ€‡โ€โ€Šโ€‰ "
- "โ€ƒใ€€โ€€โ€€โ€„โ€ƒ โ€…โ€†โ€€โ€€โ€‡โ€†โ€ โŸ "
- "โ€ˆโ€‡ โ€‡โ€†โ€†โ€‡โ€ƒโ€ˆโ€Šใ€€โ€ƒโ€† โ€ˆ โ€Šใ€€โ€ "

So, not only are there passwords you can't remember, now there are passwords you can't read!

Show threadAaron Toponce โš›๏ธMay 25, 2023
This has to be the dumbest thing I've come up with yet.
Show threadAaron Toponce โš›๏ธMay 25, 2023
Whelp.
Show threadAaron Toponce โš›๏ธ

22 unique non-graphical whitespace characters that I can reliably print during generation. That's ~4.459 bits of entropy per character.

๐Ÿ˜‚

https://github.com/atoponce/webpassgen/blob/2bccaa2133354a96fa089e0e446e4001a1d6b63c/js/random.js#L86-L125

webpassgen/random.js at 2bccaa2133354a96fa089e0e446e4001a1d6b63c ยท atoponce/webpassgen

Simple web-based password generator. Contribute to atoponce/webpassgen development by creating an account on GitHub.

GitHub
May 25, 2023 at 2:56pmWeb
Show threadAaron Toponce โš›๏ธMay 25, 2023

Even zxcvbn-ts agrees that "โ€†ใ€€โ€โ€Š๏ปฟโ€‡๏ปฟโ€ฏ ๓ € โ€„โ€„โŸ๏ปฟโ€‡โ€ˆโ€‹โ€ฏโŸโ€Šโ€ƒโ€ แ Žโ€ŠโŸโ€Œโ€ƒโ€ฏ" is a strong password.

https://zxcvbn-ts.github.io/zxcvbn/demo/

Demo | zxcvbn-ts

Realistic password strength estimation written in typescript