Aaron Toponce βš›οΈMay 25, 2023

If I'm counting correctly, I see 16 Unicode horizontal white space characters.

#passwords

😏

Show threadAaron Toponce βš›οΈMay 25, 2023
This is tricky to verify I've implemented correctly.
msdismeMay 26, 2023
Show threadAaron Toponce βš›οΈ

For example, here are some white space #passwords with 80-bits security. There are 16 white space characters to choose from of varying widths, which means each of these below are 20 characters long, wrapped in quotes:

- "       β€ˆβ€„β€Šβ€ƒβ€‡ β€†β€Šβ€‡β€ƒ "
- " β€ˆβ€†β€„β€‡β€„γ€€β€„β€‚β€ˆβ€β€€β€ˆβ€‡β€‚β€‰β€„β€€β€‡β€†"
- "β€ŠβŸ β€‰β€ˆβ€€β€‚β€…β€‰β€‰β€†β€‚β€‰β€†β€‡β€β€Šβ€‰ "
- "                 "
- "β€ˆβ€‡ β€‡β€†β€†β€‡β€ƒβ€ˆβ€Šγ€€β€ƒβ€† β€ˆ β€Šγ€€β€ "

So, not only are there passwords you can't remember, now there are passwords you can't read!

May 25, 2023 at 2:20amWeb
Show threadAaron Toponce βš›οΈMay 25, 2023
This has to be the dumbest thing I've come up with yet.
Show threadAaron Toponce βš›οΈMay 25, 2023
Whelp.
Show threadAaron Toponce βš›οΈMay 25, 2023

22 unique non-graphical whitespace characters that I can reliably print during generation. That's ~4.459 bits of entropy per character.

πŸ˜‚

https://github.com/atoponce/webpassgen/blob/2bccaa2133354a96fa089e0e446e4001a1d6b63c/js/random.js#L86-L125

webpassgen/random.js at 2bccaa2133354a96fa089e0e446e4001a1d6b63c Β· atoponce/webpassgen

Simple web-based password generator. Contribute to atoponce/webpassgen development by creating an account on GitHub.

GitHub
Show threadAaron Toponce βš›οΈMay 25, 2023

Even zxcvbn-ts agrees that "β€†γ€€β€β€Šο»Ώβ€‡ο»Ώβ€― σ € β€„β€„βŸο»Ώβ€‡β€ˆβ€‹β€―βŸβ€Šβ€ƒβ€ α Žβ€ŠβŸβ€Œβ€ƒβ€―" is a strong password.

https://zxcvbn-ts.github.io/zxcvbn/demo/

Demo | zxcvbn-ts

Realistic password strength estimation written in typescript

Show threadπŸ‡ΊπŸ‡¦πŸ‡ͺπŸ‡Ί cweickhmannMay 25, 2023
@atoponce Clipboard to the rescue!
Show threadEvan ProdromouMay 25, 2023
@atoponce and yet
Show threadAaronMay 25, 2023
@atoponce This is a great example of Dumb/Awesome horseshoe theory.

Useful? Probably not.
Awesome? Absolutely!
Show threadlotharMay 25, 2023
@atoponce
Did you use Whitespace (https://en.wikipedia.org/wiki/Whitespace_%28programming_language%29) for the coding?
If not: room for improvement! πŸ˜‰
Whitespace (programming language) - Wikipedia

Show threadNico -telmich- SchotteliusMay 25, 2023
@atoponce Did you try to embed the "bell/ring" character, too?
Show threadπŸ‡ΊπŸ‡¦πŸ‡ͺπŸ‡Ί cweickhmannMay 25, 2023

@atoponce Alas, getdigital.de already has the right keyboard for entering your passwords!

https://www.getdigital.de/blank-keyboard.html

Blank Keyboard | Geschenke und Gadgets fΓΌr Nerds online kaufen | getDigital

Eine Tastatur ohne Beschriftung - perfekt zum Lernen des Blindschreibens oder zum Angeben bei Kollegen.

Show threadMark WieczorekMay 25, 2023
@atoponce ... and passwords that we can no longer use!
Show threadAaron Toponce βš›οΈMay 25, 2023
@mrak Why not? Copy/paste out of your password manager, no?
Show threadMark WieczorekMay 25, 2023
@atoponce they are now in a password cracking database :)
Show threadAaron Toponce βš›οΈMay 25, 2023
@mrak Already figured they were! Provided you have a sufficient security margin, it doesn't matter.
Show threadCalebMay 25, 2023
@atoponce That’s kinda brilliant.
Show threadAaron Toponce βš›οΈMay 25, 2023

@geekosupremo It's implemented, and is generating everything correctly from what I can tell after several tests.

The only bug I've encountered so far is counting the number of "characters" in the password. As most are three bytes long, and one of them is four bytes, I need to make sure I'm counting correctly.

JavaScript isn't playing nicely.

Show threadCalebMay 26, 2023
@atoponce C’mon JavaScript! Get it together. πŸ˜‰
Show threadAaron Toponce βš›οΈMay 26, 2023
@geekosupremo I got it. It was a bug in my code. Everything is getting counted correctly.
Show threadCalebMay 26, 2023
@atoponce Glad it got resolved. Good on ya.