On 18/12/2016 15:20, Jason A. Donenfeld wrote:
https://git.zx2c4.com/password-store/commit/?id=f2a6078885c61040737c602a99ee75ba8009f17f
Any criticism of this?
Well firstly, it doesn't even work under OSX. I tried this:
#!/bin/bash
length=25
characters='[:graph:]'
read -r -N $length pass < <(tr -dc "$characters" < /dev/urandom)
echo $pass
Result:
$ ./badpass.sh
./badpass.sh: line 4: read: -N: invalid option
read: usage: read [-ers] [-u fd] [-t timeout] [-p prompt] [-a array] [-n
nchars] [-d delim] [name ...]
tr: Illegal byte sequence
Looking at the bash manpage:
read [-ers] [-u fd] [-t timeout] [-a aname] [-p prompt] [-n
nchars] [-d delim]
[name ...]
...
-n nchars
read returns after reading nchars characters
rather than waiting
for a complete line of input.
But even changing -N to -n, OSX's tr doesn't work with binary data. The
problem is that 'tr' is complaining about invalid unicode characters.
You can fix it like this:
read -r -n $length pass < <(LC_ALL=C tr -dc "$characters" < /dev/urandom)
And now it works:
$ ./badpass.sh
6t-_'EOXaKZv1@#Z:yk@P\MSJ
But more seriously, there is the risk that this will consume a
pipe-buffer (4KB? 8KB?) of entropy, only to discard most of it. That's
extremely wasteful.
Furthermore, despite consuming so much entropy, it doesn't even
guarantee that every password generated has at least one upper-case,
lower-case, digit and symbol - i.e. the password may still be rejected
by many websites!
With the default password length of 25, the probably of *not* including
at least one digit is:
p(no digits) = ((95-10)/95)^25 = 0.062
That is, 6.2% of the time, it will generate a password with no digits.
(Probabilities of no upper-case, no lower-case and no symbols are much
smaller and can be ignored) (*)
I think we need a pluggable password generator, so at least we don't
have to argue and people can use whatever generator they prefer. And as
for a default, well pwgen is (in my opinion) better than the one in that
patch.
Regards,
Brian.
(*) Aside: using random bytes into base64 also doesn't guarantee at
least one symbol from each class of course.
However, if you don't care about symbols, base64 does a better job. A
24-character base64 password, consuming 18 bytes from /dev/urandom, has
a smaller probability of no digits:
p(no digits) = ((64-10)/64)^24 = .017
p(no upper) = p(no lower) = ((64-26)/64)^24 = .0000037
However, about half of passwords will have no symbol:
p(no symbols) = ((64-2)/64)^24 = .467
You can probably keep sites which require at least one symbol happy just
by appending one fixed symbol to the end, like "=". This is not making
your password any weaker, so why not?
_______________________________________________
Password-Store mailing list
[email protected]
https://lists.zx2c4.com/mailman/listinfo/password-store
