Read on Twitter
Reminder to anyone generating random strings to use as passwords : please refrain from using anything else than alphanumeric characters.
If you want more entropy, just make it longer.
Why ?
https://abs.twimg.com/emoji/v2/... draggable="false" alt="👇" title="Down pointing backhand index" aria-label="Emoji: Down pointing backhand index">
If you want more entropy, just make it longer.
Why ?
Adding special characters does not bring any extra security compared to making the string longer.
It however brings new categories of problems : escaping special characters in config files / storage medium / transmission medium.
It however brings new categories of problems : escaping special characters in config files / storage medium / transmission medium.
This can happen in very unexpected shapes.
* A crappy rescue web terminal where you can& #39;t type your emergency root password
* A yaml config file
* A physical serial console
* Dictating it over the phone
* Typing it on a keyboard layout other than yours
* A crappy rescue web terminal where you can& #39;t type your emergency root password
* A yaml config file
* A physical serial console
* Dictating it over the phone
* Typing it on a keyboard layout other than yours
This thread only affects passwords that won& #39;t need to be remembered.
For example, service account passwords, or passwords stored in your password manager.
User-rememberable passwords are an entirely different story, cf https://xkcd.com/936/ ">https://xkcd.com/936/"...
For example, service account passwords, or passwords stored in your password manager.
User-rememberable passwords are an entirely different story, cf https://xkcd.com/936/ ">https://xkcd.com/936/"...
