Remove the password strength meter on the Persistent Storage passphrase
Our current strength meter doesn't match our recommendation and that confuses users.
It's not realistic for us to have a strength meter that matches our recommendations as it's impossible to measure randomness.
Original report by @BenWestgate:
Passphrase strength meter does not match our recommendations
We may want to change the passphrase strength hint thresholds to match our recommendation: "Tails recommends using a long passphrase of 5 to 7 words."
To me that means 5 words should say "Excellent", 4 words "Good", 3 words "Fair" and 2 or fewer words "Weak".
There may be some random variance in strength estimation that causes some random passphrases to be rated a hint better or worse, but that is fine if we center the estimation distribution in the middle of each band so that most of the time it behaves as suggested above.
3 words likely costs a few thousand USD to crack and is "Fair": not worthless like "Weak", but not "Good" either. 4 words is "Good" against non-state-sponsored attackers as it's millions of USD, and "Excellent" should be our recommended 5 to 7 words.
Currently, it says "Weak" for 1 word, "Fair" or "Good" for 2 words, "Strong" for 3 words and my testers have complained about it thinking it's flawed: "Why does the meter fill up so quickly before I have typed a strong enough passphrase?" It is good they knew to trust their instincts rather than the meter...
Also, why not use keepassxc-cli estimate for strength?
The current one does stupid things like: "password1234!" => "Strong" simply because password123 is in its dictionary but password1234! is not.
While keepassxc-cli estimate "password1234!" calls it 6 bits, accurately reflecting that it is a poor password that will be instantly guessed, possibly by hand.
Finally, the word "Strong" should be changed to "Excellent", matching how KeePassXC displays the highest estimate hint and Google's "Modern password security for system designers":
The problem with hinting that a passphrase "Strong" is it implies something it cannot do. A strength estimator can only detect weak passphrases, it can never detect strong passphrases because it can never detect all predictable inputs.
https://cloud.google.com/solutions/modern-password-security-for-system-designers.pdf
There is a big difference between telling a user that they have provided all of the minimum requirements for using a password, and telling the user that their password is “strong” or “weak.” Showing a user that they have met the requirements of your password policy is easy to do with confidence, and passes no judgement on the user’s security choices. Telling a user that their password is strong, however, gives them a false sense of security and is ultimately a risky approach. Unless you are intelligently looking at each password in relation to entropy and similar-character replacement, and regularly checking against known password compromises, you cannot definitively say that a password is strong. With only basic entropy calculation, you can confidently identify weak passwords and provide a best-case-scenario estimate of the password's strength, but you will also identify several types of weak passwords as high-entropy.
Let me know if you agree with these proposals. I will be able to do the work for this as I've used keepassxc-cli estimate to give strength hints in the past.
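As an added example (not Tails code and not KeePassXC's estimator), the Python sketch below implements the word-count bands proposed in the report together with the point made about estimators: a meter can prove that input is weak (too few words, repeated words, a known or published phrase) but can only ever report a best-case entropy figure, never prove strength. It assumes words are drawn uniformly from a 7776-word diceware list; the KNOWN_WEAK set is a constructed stand-in for a real, regularly updated list of compromised or predictable inputs.

```python
import math
from typing import Tuple

# Assumption: words are drawn uniformly from a standard 7776-word (6^5) diceware list.
DICEWARE_WORDS = 7776
BITS_PER_WORD = math.log2(DICEWARE_WORDS)  # about 12.9 bits per word

# Constructed stand-in for a list of known-compromised or otherwise predictable
# inputs; a real deployment would check against a large, regularly updated list.
KNOWN_WEAK = {
    "password1234!",
    "correct horse battery staple",  # a widely published example phrase
    "letmein",
}

# Bands proposed in the report: 5+ words "Excellent", 4 "Good", 3 "Fair", else "Weak".
BANDS = [(5, "Excellent"), (4, "Good"), (3, "Fair")]


def passphrase_hint(passphrase: str) -> Tuple[str, float]:
    """Return (hint, best_case_bits) for a whitespace-separated passphrase.

    The bit estimate is an upper bound: it assumes every distinct word was
    chosen uniformly at random from the diceware list. The meter can therefore
    detect weakness, but a high figure is only a best-case estimate.
    """
    words = passphrase.strip().lower().split()
    normalized = " ".join(words)

    # Known or predictable inputs are weak regardless of their length.
    if not words or normalized in KNOWN_WEAK:
        return "Weak", 0.0

    # Repeated words add no entropy, so only distinct words are counted.
    unique = len(set(words))
    bits = unique * BITS_PER_WORD

    for min_words, label in BANDS:
        if unique >= min_words:
            return label, bits
    return "Weak", bits


def meets_recommendation(passphrase: str) -> bool:
    """Requirement check in the spirit of the Google guidance quoted above:
    reports whether the 5-word recommendation is met, not that the
    passphrase is 'strong'."""
    return passphrase_hint(passphrase)[0] == "Excellent"


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in (
        "alpha bravo charlie delta echo",
        "alpha bravo charlie delta",
        "alpha bravo charlie",
        "password1234!",
        "Correct Horse Battery Staple",
        "echo echo echo echo echo",
    ):
        hint, bits = passphrase_hint(sample)
        print(f"{sample!r}: {hint}, best case {bits:.1f} bits, "
              f"meets recommendation: {meets_recommendation(sample)}")
```

The last two samples show why a pure length or word-count check is not enough: a published four-word phrase and five copies of one word both contain five tokens or fewer and would be rated "Weak" here, while "password1234!" is flagged as a known input rather than scored by character patterns.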