[pass] [PATCH] "Diceware" password generation
Sylvia
iamsylvie at openmailbox.org
Mon Dec 28 00:04:21 CET 2015
Hey everyone,
While I do personally like using pass generate normally, I have met
several people who would prefer it to generate a collection of words.
While I am not sure how to best implement this (shuf is only available
on GNU/Linux systems by default and may not be the best choice), I did
code this simple, yet working, implementation as a proof of concept,
using the password length as word count, in the hope of starting a
discussion on this:
diff --git a/src/password-store.sh b/src/password-store.sh
index d535a74..3447c8a 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -15,6 +15,7 @@ which gpg2 &>/dev/null && GPG="gpg2"
PREFIX="${PASSWORD_STORE_DIR:-$HOME/.password-store}"
X_SELECTION="${PASSWORD_STORE_X_SELECTION:-clipboard}"
CLIP_TIME="${PASSWORD_STORE_CLIP_TIME:-45}"
+DICTIONARY="${PASSWORD_STORE_DICTIONARY:-/usr/share/dict/words}"
export GIT_DIR="${PASSWORD_STORE_GIT:-$PREFIX}/.git"
export GIT_WORK_TREE="${PASSWORD_STORE_GIT:-$PREFIX}"
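Review bot: The added `DICTIONARY` assignment carries no comment, although this one value bounds the strength of every `--words` passphrase. Each word contributes at most log2(number of lines in the file) bits, so a short list supplied through `PASSWORD_STORE_DICTIONARY` weakens the output without any warning. I would add above the assignment `# Word list for "generate --words"; each word adds at most log2(line count) bits of entropy.`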
@@ -234,10 +235,10 @@ cmd_usage() {
overwriting existing password unless forced.
$PROGRAM edit pass-name
Insert a new password or edit an existing password using
${EDITOR:-vi}.
- $PROGRAM generate [--no-symbols,-n] [--clip,-c] [--in-place,-i
| --force,-f] pass-name pass-length
- Generate a new password of pass-length with optionally no
symbols.
- Optionally put it on the clipboard and clear board after
$CLIP_TIME seconds.
- Prompt before overwriting existing password unless forced.
+ $PROGRAM generate [--no-symbols,-n | --words,-w] [--clip,-c]
[--in-place,-i | --force,-f] pass-name pass-length
+ Generate a new password of pass-length with optionally no
symbols or by using
+ ${DICTIONARY:-/usr/share/dict/words}. Optionally put it on
the clipboard and clear
+ board after $CLIP_TIME seconds. Prompt before overwriting
existing password unless forced.
Optionally replace only the first line of an existing file
with a new password.
$PROGRAM rm [--recursive,-r] [--force,-f] pass-name
Remove existing password or directory, optionally forcefully.
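Review bot: The help text still describes the second argument as a password of `pass-length`, but with `--words` the patch hands that number to `shuf -n`, so it is a word count rather than a character count. The usage should say so, for example `With --words, pass-length is the number of words taken from the dictionary.` The interpolation `${DICTIONARY:-/usr/share/dict/words}` also repeats a default that `DICTIONARY` already received in the first hunk, so plain `$DICTIONARY` is enough. The usage text of `cmd_usage` starts and ends outside this hunk.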
@@ -429,19 +430,20 @@ cmd_edit() {
}
cmd_generate() {
- local opts clip=0 force=0 symbols="-y" inplace=0
- opts="$($GETOPT -o ncif -l no-symbols,clip,in-place,force -n
"$PROGRAM" -- "$@")"
+ local opts words=0 clip=0 force=0 symbols="-y" inplace=0
+ opts="$($GETOPT -o nwcif -l no-symbols,words,clip,in-place,force -n
"$PROGRAM" -- "$@")"
local err=$?
eval set -- "$opts"
while true; do case $1 in
-n|--no-symbols) symbols=""; shift ;;
+ -w|--words) words=1; shift ;;
-c|--clip) clip=1; shift ;;
-f|--force) force=1; shift ;;
-i|--in-place) inplace=1; shift ;;
--) shift; break ;;
esac done
- [[ $err -ne 0 || $# -ne 2 || ( $force -eq 1 && $inplace -eq 1 ) ]]
&& die "Usage: $PROGRAM $COMMAND [--no-symbols,-n] [--clip,-c]
[--in-place,-i | --force,-f] pass-name pass-length"
+ [[ $err -ne 0 || $# -ne 2 || ( $force -eq 1 && $inplace -eq 1 ) ||
( $symbols == "" && $words -eq 1 ) ]] && die "Usage: $PROGRAM $COMMAND
[--no-symbols,-n | --words,-w] [--clip,-c] [--in-place,-i | --force,-f]
pass-name pass-length"
local path="$1"
local length="$2"
check_sneaky_paths "$path"
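Review bot: `length` is copied from `$2` with no numeric check, and in `--words` mode it later reaches `shuf -n` as the word count. A non-numeric value then fails only inside the pipeline, and a value of 0 would give an empty password that the later `[[ -n $pass ]] || exit 1` rejects without any message. I would validate right after the assignment with `[[ $length =~ ^[0-9]+$ && $length -gt 0 ]] || die "Error: pass-length must be a positive number."`. `cmd_generate` continues past the end of this hunk.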
@@ -452,7 +454,12 @@ cmd_generate() {
[[ $inplace -eq 0 && $force -eq 0 && -e $passfile ]] && yesno "An
entry already exists for $path. Overwrite it?"
- local pass="$(pwgen -s $symbols $length 1)"
+ if [[ $words -eq 0 ]]; then
+ local pass="$(pwgen -s $symbols $length 1)"
+ else
+ local pass="$(cat ${DICTIONARY} | shuf -n $length | tr -d '\n')"
+ fi
+
[[ -n $pass ]] || exit 1
if [[ $inplace -eq 0 ]]; then
$GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile"
"${GPG_OPTS[@]}" <<<"$pass"
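Review bot: The `shuf` call in the added `else` branch draws the words with shuf's default generator, which GNU coreutils documents as an internal pseudo-random generator seeded with a small amount of entropy; a password should come from the kernel CSPRNG via `--random-source=/dev/urandom`. `${DICTIONARY}` and `$length` are also unquoted, so a dictionary path with spaces or glob characters is split or expanded, and the `cat` is unnecessary. I would write `pass="$(shuf --random-source=/dev/urandom -n "$length" -- "$DICTIONARY" | tr -d '\n')"` with `local pass` declared once before the `if`. Because `tr -d '\n'` joins the words with no separator, word boundaries become ambiguous, so the result is somewhat weaker and harder to read back than a spaced or hyphenated passphrase. The function starts and ends outside this hunk.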