Fix an old bug and add options to include and enforce additional characters #9
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
At least one character of the given string has to be present in each resulting password.
Every additionally forced character increases the runtime exponentially.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Hi,
I got annoyed by the need to include at least one symbol character in passwords but didn't want to use just any symbol but specifically
_because it gets included in double-click selections in my terminal. So I added two options... one simply allows the user to supply a string of characters that should get included in the pool of valid characters (i.e. kind of the reverse of--remove-chars). The other one does not only add the characters but also tests if they are included in the resulting password. The latter dramatically increases the runtime up to infinity if conflicting settings are chosen but it does not tinker with the randomness whatsoever (which I think is more important).I have split the enforcement patch into two: The first does only check if any of the given characters is included at least once in every resulting password. The second one changes that to test that all of the characters are included at least once, which is far less likely to happen at random thus increases the runtime a lot more (exponentially in the length of the string AFAICS) but is likely more useful to potential users.
I have not put much thought into refactoring anything (e.g., the prototypes get a bit bloated) but I don't think there is too much to gain.
The patches do not include changes to the manpage yet. I'd like to have some feedback first.
Cheers.
PS:
find_charscould simply be replaced withstrpbrkAFAICT.