Why does KeePassium Password Strength Checker suck? #358
KeePassium is great, don't get me wrong. One problem: The password strength checker sucks. It says a 9 character long, 48 bit password is "very good" with the green bars maxed out. This is misleading and bad. I would never trust a password of 48 bits, much less consider it "very good." Please change this. ANY other password manager I've used in the past like KeePassXC, PassBolt, and StrongBox think that a 48 bit password is laughable. The "very good" password indication should only be reserved for passwords of at least 120 bits. I don't know how you guys messed up this tiny thing in your really awesome password manager. Is this flaw normal or did I mess some setting up?
Replies: 1 comment 1 reply
Thank you for the feedback.
As far as I can tell, all the apps use some flavor of the zxcvbn library for entropy estimation (not sure about PassBolt). So the entropy estimates should be more or less the same; the difference is in the description.
KeePassXC maps entropy to description using a custom function with arbitrary-looking thresholds (> 75 bit is good, > 100 bit is excellent).
KeePassium, in turn, uses qualitative scores from the library itself. These are based on a different principle (a logarithm of estimated "seconds to crack") and therefore are very different from KeePassXC's.
I filed #359 to switch to entropy-based descriptions similarly to KeePassXC.
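To make the difference between the two description schemes concrete, here is an added example (not KeePassium's, KeePassXC's or zxcvbn's code). It takes the guess count as 2^bits, which is an assumption made so the two scales can be compared on the same input, since zxcvbn's real guess estimate comes from its pattern matching and is not reproduced here. The zxcvbn score cut-offs (10^3, 10^6, 10^8, 10^10 guesses, each plus a small delta) and the four attack-rate scenarios are the ones in zxcvbn's reference JavaScript implementation; the entropy labels use only the two thresholds quoted in the reply above (> 75 bit good, > 100 bit excellent), with everything below 75 bits lumped into one hypothetical "below good" tier. The point it shows is that the zxcvbn score saturates at 10^10 guesses, so anything from roughly 34 bits upward already gets the top score, while the same 48-bit password falls hours, not years, from an offline fast-hash attacker.

```python
"""Added example: map a guess count to a zxcvbn-style score and to an
entropy-threshold label, and show where the two scales disagree."""
import math

# zxcvbn reference implementation (scoring.js): score = 0..4 from guesses.
_SCORE_CUTOFFS = (1e3, 1e6, 1e8, 1e10)
_DELTA = 5

# zxcvbn reference implementation (time_estimates.js): guesses per second.
ATTACK_RATES = {
    "online_throttled_100_per_hour": 100 / 3600,
    "online_unthrottled_10_per_second": 10.0,
    "offline_slow_hash_1e4_per_second": 1e4,
    "offline_fast_hash_1e10_per_second": 1e10,
}


def zxcvbn_score(guesses: float) -> int:
    """Qualitative 0..4 score as zxcvbn assigns it from a guess count."""
    for score, cutoff in enumerate(_SCORE_CUTOFFS):
        if guesses < cutoff + _DELTA:
            return score
    return 4


def entropy_label(bits: float) -> str:
    """Label from entropy thresholds quoted in the reply (> 75 good,
    > 100 excellent). The 'below good' tier is a placeholder for
    whatever a manager shows under 75 bits (assumption)."""
    if bits > 100:
        return "excellent"
    if bits > 75:
        return "good"
    return "below good"


def crack_seconds(guesses: float, rate_per_second: float) -> float:
    """Expected time to exhaust the guess space at a given attack rate."""
    return guesses / rate_per_second


def compare(bits: float) -> dict:
    """Assumption: treat the estimated entropy as a uniform search space,
    i.e. guesses = 2**bits. Returns both descriptions plus crack times."""
    guesses = 2.0 ** bits
    return {
        "bits": bits,
        "log10_guesses": math.log10(guesses),
        "zxcvbn_score": zxcvbn_score(guesses),
        "entropy_label": entropy_label(bits),
        "crack_hours": {
            name: crack_seconds(guesses, rate) / 3600
            for name, rate in ATTACK_RATES.items()
        },
    }


def saturation_bits() -> float:
    """Entropy at which the zxcvbn score reaches its maximum of 4."""
    return math.log2(_SCORE_CUTOFFS[-1] + _DELTA)


if __name__ == "__main__":
    print(f"zxcvbn score saturates at ~{saturation_bits():.1f} bits")
    for b in (30, 48, 75, 100, 120):
        r = compare(b)
        fast = r["crack_hours"]["offline_fast_hash_1e10_per_second"]
        print(f"{b:4d} bit  log10(guesses)={r['log10_guesses']:5.1f}  "
              f"zxcvbn={r['zxcvbn_score']}  label={r['entropy_label']:10s}  "
              f"offline-fast={fast:.3g} h")
```

Running it prints one row per entropy value: the 48-bit row gets zxcvbn score 4 (the maximum, which KeePassium renders as "very good") while the entropy label is still below "good", and the offline fast-hash column shows about 8 hours. Which scale is "right" depends on the threat model: the zxcvbn score is tuned for online and slow-hash attackers, where 10^10 guesses is already out of reach, whereas the entropy thresholds assume an offline attacker with fast hashing.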