Prevent duplicate entries in passphrase wordlists

Replace a QVector for the wordlist with a QSet. This removes all duplicate entries in a given wordlist. Thus, it hinders a malicious wordlist that has the proper length (>4000 entries) but with repetitions (effectively << 4000 entries) to be used and potentially create weaker passphrases than estimated. Example: List with 4000 items but only 64 unique words would lead to only 48 bit of Entropy instead of ~95 bit!
2025-04-03 20:47:37 +03:00 · 2024-06-28 11:24:44 +02:00 · 2024-06-28 11:24:44 +02:00 · c7d318236f
commit c7d318236f
parent 9b4e6b4e11
8 changed files with 47 additions and 26 deletions
--- a/share/translations/keepassxc_en.ts
+++ b/share/translations/keepassxc_en.ts
@ -7653,10 +7653,6 @@ Do you want to overwrite it?</source>
        <source>Invalid word count %1</source>
        <translation type="unfinished"></translation>
    </message>
-    <message>
-        <source>The word list is too small (&lt; 1000 items)</source>
-        <translation type="unfinished"></translation>
-    </message>
    <message>
        <source>Title for the entry.</source>
        <translation type="unfinished"></translation>
@ -8902,6 +8898,10 @@ This option is deprecated, use --set-key-file instead.</source>
        <source>Only PBKDF and Argon2 are supported, cannot decrypt json file</source>
        <translation type="unfinished"></translation>
    </message>
+    <message>
+        <source>Cannot generate valid passphrases because the wordlist is too short</source>
+        <translation type="unfinished"></translation>
+    </message>
 </context>
 <context>
    <name>QtIOCompressor</name>