On Mon, Dec 7, 2020 at 11:38 PM Rob Landley <[email protected]> wrote:
> > > On 12/8/20 12:40 AM, enh wrote: > > > > > > On Mon, Dec 7, 2020 at 9:07 PM Rob Landley <[email protected] > > <mailto:[email protected]>> wrote: > > > > On 12/7/20 10:52 PM, Rob Landley wrote: > > > Hmmm, this is producing a LOT more capital letters than the other > version, > > which > > > also falls under "human readable affordance". let's see... Top bit > of entropy > > > per byte isn't really used, so I'll squelch capitals when it's > set. (That > > should > > > make 1/4 of letters capital.) > > ... > > > That's still a very different character distribution. He's > squelching more > > > capitals than I am, and at least half the punctuation... > > > > Forgot to mention I used the same high bit squelch trick to suppress > half the > > punctuation. The result still has more punctuation on average yet > isn't > > guaranteed to have punctuation in EACH generated password, but... > > > > > Which is... eh? Close enough? > > > > Checked in the cleanup, and promoted it to toys/other. > > > > I note that -s isn't hooked up to anything. Maybe I should make it > disable the > > two squelches? Yeah, I'll do that... > > > > > > i think that the toybox implementation is effectively "always -s" > because it's > > just using random characters, and not doing the "pronounceable" bit. try > reading > > out your own example: > > A) first I've heard of it (I didn't use this command before and was just > cleaning up the submission based on what it was already doing), > > B) pronounceable? > > wa quote zo nine ea? > > tu capital-n g right square bracket seven e? > > eja left parentheses X 5 ee? > > > $ pwgen -y > > Eegae:B9 pee3Boh{ Hie~j3Lu aew)a3Jo zae'Cho5 quah!Ph5 EJa(X5Ee zui7Aez) > > Too2Ed)o kap.ae4L ahj$i8Se Aile-ch4 nah+w3Ea wa"Zo9ea Shu4dae+ tuNg]u7e > > giY!oc9o duG5eiz- sahc7eS* ooPi@z0e eX7nei_d iV/ae1se eiQu4om^ Ni>pig1o > > > > and then try to read the toybox ones out instead: > > > > $ toybox pwgen -y > > p:Q1$h=C h6W`ieZ< Q`o!b|+) 1apBp}nT er@7mKgi waAqC[7i v<y\:jzt [#o=Nw7w > > tx1^1Uo[ o`B]y84{ wjdsl>%n R=<h[*0" #m*+(z!( qbZf,3h) fs&oc1C0 `?#-sstC > > r`mR{ht{ i%g'FA$> ofy=#t}7 rCRWEmlq 7A;/`|}= rvqv|swe wT\z-(sw ,Cr*y6c. > > > > i suspect the real thing is meant to be something more > > like https://nvlpubs.nist.gov/nistpubs/Legacy/FIPS/fipspub181.pdf ? > > > > the interesting bit seems to be: > > > > /* > > * Generate next unit to password, making sure that it follows > > * these rules: > > * 1. Each syllable must contain exactly 1 or 2 consecutive > > * vowels, where y is considered a vowel. > > * 2. Syllable end is determined as follows: > > * a. Vowel is generated and previous unit is a > > * consonant and syllable already has a vowel. In > > * this case, new syllable is started and already > > * contains a vowel. > > * b. A pair determined to be a "break' pair is encountered. > > * In this case new syllable is started with second unit > > * of this pair. > > * c. End of password is encountered. > > * d. "begin" pair is encountered legally. New syllable is > > * started with this pair. > > * e. "end" pair is legally encountered. New syllable has > > * nothing yet. > > * 3. Try generating another unit if: > > * a. third consecutive vowel and not y. > > * b. "break" pair generated but no vowel yet in current > > * or previous 2 units are "not_end . > > * c. "begin" pair generated but no vowel in syllable > > * preceding begin pair, or both previous 2 pairs are > > * designated "not_end". > > * d. "end" pair generated but no vowel in current syllable > > * or in "end" pair. > > * e. "not_begin" pair generated but new syllable must > > * begin (because previous syllable ended as defined in > > * 2 above). > > * f. vowel is generated and 2a is satisfied, but no syllable > > * break is possible in previous 3 pairs. > > * g. Second and third units of syllable must begin, and > > * first unit is "altemate_vowel". > > */ > > [Reads the above three times. Remains unenlightened.] > > Given that I've been failing to learn japanese for almost 5 years > including 20 > minutes on it earlier today, if I _should_ do something like this I'd > probably > just program in the hiragana syllabary and have it pick from there instead > of > letters, then output romanji. :) > > The resulting loss of entropy in 8 chars is still a thing though. And > where to > throw in the random capitalizations... (I'd say a capital number is > something > from the punctuation list except the puncuation list is over twice as > long...) > > In any case, it's a complete rewrite of the password generation logic, > although > that's now a drop-in replacement for a tiny code block. If you think it's > worth > doing, I can do it... > i have no opinion on that, not having used either, but did think it might be worth changing the docs to match reality: - -s --secure Generate more random passwords. + -s --secure Generate random passwords (default). i see there's also a secpwgen(1) but that seems to be slightly different again? > Rob >
_______________________________________________ Toybox mailing list [email protected] http://lists.landley.net/listinfo.cgi/toybox-landley.net
