On 14/11/2016 21:27, ilf wrote:
> Currently, pass depends on pwgen to generate passwords. I think it
> would be easy and desirable to drop this dependency and generate
> passwords natively.
>
> Here's a simple way to generate passwords from /dev/random directly in
> shell:
>
>     tr -dc "[:graph:]" < /dev/urandom | head -c 32
>
> We could also use "alnum" instead of "graph" and/or "base64" instead
> of "head".
>
> I really see no reason to add an extra dependency, just for its single
> use on line 457 of src/password-store.sh.
>
> Also, we gain being in control of (and responsible for) password
> generation ourselves. In the past, there have been issues with pwgen
> using low-entropy:
>
> http://www.openwall.com/lists/oss-security/2012/01/22/6
> http://www.openwall.com/lists/oss-security/2013/05/24/7
>
> What do you think?

I think whatever is done won't satisfy everyone, so it needs to be
easily pluggable. I would prefer not in an environment variable - but
that would probably mean introducing a config file, either in the user's
home directory, or inside the repo itself (like .gpg-id)
_______________________________________________
Password-Store mailing list
Password-Store@lists.zx2c4.com
http://lists.zx2c4.com/mailman/listinfo/password-store
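
The one-liner quoted in the thread, wrapped as a function with input validation and a fail-closed length check. This is an added example, not code from the thread or from pass itself; `gen_password` and its two arguments are hypothetical names.

```shell
#!/usr/bin/env bash
# Added example: native password generation from /dev/urandom.
# gen_password, its arguments and defaults are hypothetical, not pass's code.

gen_password() {
    local length="${1:-32}" class="${2:-graph}" pw

    # Accept only a positive integer without leading zeros.
    case "$length" in
        ''|*[!0-9]*|0*) echo "length must be a positive integer" >&2; return 2 ;;
    esac

    # Accept only the two POSIX classes named in the thread, so the
    # argument can never smuggle an arbitrary set into tr.
    case "$class" in
        graph|alnum) ;;
        *) echo "class must be graph or alnum" >&2; return 2 ;;
    esac

    # LC_ALL=C makes tr work on single bytes; some tr implementations
    # reject random input as invalid multibyte text in a UTF-8 locale.
    # Deleting unwanted bytes is rejection sampling: every kept
    # character is still uniformly distributed over the class.
    # tr is ended by SIGPIPE once head has enough, hence "|| true".
    pw=$(LC_ALL=C tr -dc "[:$class:]" < /dev/urandom | head -c "$length") || true

    # Fail closed: never hand back a shorter password than requested.
    if [ "${#pw}" -ne "$length" ]; then
        echo "short read from /dev/urandom" >&2
        return 1
    fi
    printf '%s\n' "$pw"
}
```

With 94 characters in `graph` each position carries about 6.55 bits, so 32 characters give roughly 210 bits; `alnum` (62 characters) gives roughly 190 bits at the same length.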