Conversation

Humans are bad at coming up with passwords. How much would y'all hate it if the age CLI didn't support custom passwords, and always generated a secure passphrase? (The API and --decrypt would still support custom passwords.)
  • Sure, autogenerate it! 👍
    58.7%
  • Hell no, I need custom 🤬
    25.1%
  • age? passphrases? huh?
    16.2%
881 votes · Final results
I think m17n is the biggest show stopper. In 2021 no software should be reverting to "use one of the big imperial languages or fuck you". (Note: UI in your language & ability to have data in your language are very different levels here.)
BIP39 seed phrases support localization. There aren't word lists for each language though. The word lists need to be carefully crafted. You can see an example of the thought that has to go into it at github.com/bitcoin/bips/p. Can't really add a language without being very fluent.
Right. The problem is that there are hundreds if not thousands of languages that will never be added, but where users are perfectly free to make their own passphrases thanks to Unicode as long as you let them.
They could make their own word lists and share them instead of directly making user-generated passphrases if the software supported using your own word list in the standard format like this: github.com/bitcoin/bips/b.
Making a good word list for this requires a lot of technical expertise (not to mention a lot of manual work) beyond just knowledge of your language. So yes it would be nice to allow language communities to make their own, but it's not a replacement for control over passphrase.
You have a better experience that way because it detects typos via knowing the words and checksum and you can figure out which word was intended if you can't read a character that was written down, etc. The English word list is actually not as good as the newer ones.
I don't buy that it's easy. Just making a list of 2048 words is nontrivial, and if you do it in stupid automated ways you're going to get ones easily mistaken for each other, or that are hard to spell or have ambiguous spellings, etc.
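Added example, not part of the thread and not code from age or BIP39: a small linter for a candidate passphrase word list that checks the properties the replies above argue about (2048 entries, no words easily mistaken for each other). The function names, the four-letter unique-prefix check and the one-edit threshold are assumptions modelled on the BIP39 English list's design rules, and the sample list is constructed.

```python
import unicodedata
from itertools import combinations

def within_one_edit(a: str, b: str) -> bool:
    """True if a and b differ by at most one insertion, deletion or substitution."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a                      # make a the shorter (or equal) word
    i = 0
    while i < len(a) and a[i] == b[i]:   # skip the common prefix
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]    # one substitution (or identical)
    return a[i:] == b[i + 1:]            # one extra character in b

def lint_wordlist(words, size=2048, prefix_len=4):
    """Return a list of problem tuples; an empty list means every check passed."""
    problems = []
    if len(words) != size:
        problems.append(("size", len(words)))
    first_with_prefix = {}
    for w in words:
        # BIP39 word lists are stored in NFKD so every client compares the same bytes.
        if w != unicodedata.normalize("NFKD", w):
            problems.append(("not-nfkd", w))
        # A unique short prefix lets a reader recover a word from a partial transcription.
        p = w[:prefix_len]
        if p in first_with_prefix:
            problems.append(("shared-prefix", first_with_prefix[p], w))
        else:
            first_with_prefix[p] = w
    # Pairs one typo apart defeat "figure out which word was intended".
    for a, b in combinations(words, 2):
        if within_one_edit(a, b):
            problems.append(("confusable", a, b))
    return problems

# Constructed sample list with one instance of each per-word problem.
SAMPLE = ["abandon", "ability", "letter", "lettuce", "cat", "cart",
          "stone", "store", "caf\u00e9"]

if __name__ == "__main__":
    for problem in lint_wordlist(SAMPLE):
        print(problem)
```

On a real 2048-word list the pairwise pass compares about two million pairs, which plain Python finishes in seconds.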