UUIDs are good passwords.

V4 - yes. V1 and v2 - nope

Remembering passwords is stupid, has less entropy, bet you reuse it across a bunch of sites, and is still vulnerable to phishing

Not remembering, but on occasion you must be able to copy certain passwords by hand. Especially if you follow your earlier advice and store them in a paper notebook.

@tamagotchi If a UUID is too long for the password field there's something piscatorial in the works.

I just want to note that passwords are actually meant to be text that you can remember.

If it’s something generated with random symbols then it‘s more of an auth key.

@Lensflare I feel like this is where passphrases came around. From security perspective they're the same as passwords, but from user perspective they might be better.

I like a good passphrase.

The best ones are grotesquely obscene. Makes them more memorable and also gives you a powerful incentive not to accidentally type them into that teams chat on the other screen.

@donkulator OstreamSucks0nT1d3Pods

Whoops…

@tamagotchi

Upvote as in it's better to have something you remember, yes.

Besides that, UUIDs are indeed more entropy than atoms in the solar system. So they make good passwords that don't need hashing nor salting. (Bear in mind you still wanna do this if only to maintain secrecy).

@kiki I think I have seen password generators literally use UUIDs

@whimsical agree about the password manager, though I would like an "account" manager, that just remembers which sites you've logged into

@donkulator @Lensflare and then they don't allow spaces

Ubisoft is 12 characters from what I remember (or maybe was it 10, some insane low number)

@BordedDev mine does for the hex part https://miloxeon.codeberg.page/libr...

@kiki Nice, any reason you went with the UUID format/style?

@BordedDev uhhh it's not uuid. I mean the hex part of the password is taken from randomUUID() call result

@kiki isn’t randomUUID() redundant?
Any UUID is random already. And you can’t create one that is more random than any other one.

@Lensflare uuid v1 is far from being random. I would prefer tc39 to call this function “UUIDv4”, but I suppose uuid committee (Microsoft) has plans to do all future improvements on uuid without changing the format itself. Thus, when a critical vulnerability is found in v4, randomUUID() can just be made to generate v5, instead of making the whole world’s worth of websites to update their function calls

@Lensflare

I guess random as in the method of constructing it, but yeah, wouldn't be an UUID if it weren't random.

@Lensflare actually “UUIDv4” is a lame name for a function because it starts with a capital despite not being a class name. “uuidv4” is lame because “v” and “uuid” aren’t equal in their meaning, but they’re equal in their casing. Those acronyms man. Call it “uuid4”, but that ain’t gonna happen — that’s too kikish for mainstream software

@kiki Microsoft?!
Don’t they have their own UUIDs called GUID?

@kiki yup, anything that has an abbreviation has this problem in camel case.

SmallPDFFile?
SmallPdfFile?
SmallpdfFile?

No matter how you put it, it‘s wrong.

@Lensflare I was wrong. It's IETF and open software foundation. I'm so grateful it's not ms :D

@kiki universallyUniqueIdentifierVersion4()

@kiki I meant the 7 char and hyphens

@BordedDev not all hyphenated char blocks are uuids

@kiki sure was just curious about the choice

Also uuidV4?

@BordedDev what uuidV4?

@kiki for the function name, just joining on the conversation above

@BordedDev ah. Hate that capital V!

@kiki Fair enough, I don't think version should be in function names either.

What about uuid(UuidVersion4) - granted that would only work in languages that more dynamic for the dynamic amount of parameters

@whimsical amazing, good for you. About python though… it was my first language that I learned to do real things in, not just textbook algos.