[pass] [PATCH] generate: default length to 15 if not specified

Jason A. Donenfeld Jason at zx2c4.com
Fri Feb 5 22:21:57 CET 2016


Good thinking. I've merged something similar (and will push it to the git
repo when the airplane lands).



commit 9715ddcd2b2a3f3ed0f27398048191ac2de60c8b
Author: Jason A. Donenfeld <Jason at zx2c4.com>
Date:   Fri Feb 5 21:28:26 2016 +0100

    generate: have a default length of 25

    Folks are lazy and don't want to type very much, so they'd like to have
    a default password length to generate that can be configured via
    environment variables per usual. I'm making the default 25.

    If the user forbids the use of symbols, pwgen will use a-zA-Z0-9,
    ensuring that at least one A-Z and at least one 0-9 is used. We want to
    have a password of at least 128-bits, so factoring in the issue with "at
    least one of this character type", 25 gets us there squarely.

    Signed-off-by: Jason A. Donenfeld <Jason at zx2c4.com>

diff --git a/man/pass.1 b/man/pass.1
index e1fe605..161350f 100644
--- a/man/pass.1
+++ b/man/pass.1
@@ -111,10 +111,11 @@ ensure that temporary files are created in
\fI/dev/shm\fP in order to avoid writ
 difficult-to-erase disk sectors. If \fI/dev/shm\fP is not accessible,
fallback to
 the ordinary \fITMPDIR\fP location, and print a warning.
 .TP
-\fBgenerate\fP [ \fI--no-symbols\fP, \fI-n\fP ] [ \fI--clip\fP, \fI-c\fP ]
[ \fI--in-place\fP, \fI-i\fP | \fI--force\fP, \fI-f\fP ] \fIpass-name
pass-length\fP
+\fBgenerate\fP [ \fI--no-symbols\fP, \fI-n\fP ] [ \fI--clip\fP, \fI-c\fP ]
[ \fI--in-place\fP, \fI-i\fP | \fI--force\fP, \fI-f\fP ] \fIpass-name
[pass-length]\fP
 Generate a new password using
 .BR pwgen (1)
-of length \fIpass-length\fP and insert into \fIpass-name\fP. If
\fI--no-symbols\fP or \fI-n\fP
+of length \fIpass-length\fP (or \fIPASSWORD_STORE_GENERATED_LENGTH\fP if
unspecified)
+and insert into \fIpass-name\fP. If \fI--no-symbols\fP or \fI-n\fP
 is specified, do not use any non-alphanumeric characters in the generated
password.
 If \fI--clip\fP or \fI-c\fP is specified, do not print the password but
instead copy
 it to the clipboard using
@@ -415,6 +416,10 @@ Specifies the number of seconds to wait before
restoring the clipboard, by defau
 .I PASSWORD_STORE_UMASK
 Sets the umask of all files modified by pass, by default \fI077\fP.
 .TP
+.I PASSWORD_STORE_GENERATED_LENGTH
+The default password length if the \fIpass-length\fP parameter to
\fBgenerate\fP
+is unspecified.
+.TP
 .I EDITOR
 The location of the text editor used by \fBedit\fP.
 .SH SEE ALSO
diff --git a/src/password-store.sh b/src/password-store.sh
index 6f85d3b..1425a59 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -15,6 +15,7 @@ which gpg2 &>/dev/null && GPG="gpg2"
 PREFIX="${PASSWORD_STORE_DIR:-$HOME/.password-store}"
 X_SELECTION="${PASSWORD_STORE_X_SELECTION:-clipboard}"
 CLIP_TIME="${PASSWORD_STORE_CLIP_TIME:-45}"
+GENERATED_LENGTH="${PASSWORD_STORE_GENERATED_LENGTH:-25}"

 export GIT_DIR="${PASSWORD_STORE_GIT:-$PREFIX}/.git"
 export GIT_WORK_TREE="${PASSWORD_STORE_GIT:-$PREFIX}"
@@ -234,8 +235,8 @@ cmd_usage() {
         overwriting existing password unless forced.
     $PROGRAM edit pass-name
         Insert a new password or edit an existing password using
${EDITOR:-vi}.
-    $PROGRAM generate [--no-symbols,-n] [--clip,-c] [--in-place,-i |
--force,-f] pass-name pass-length
-        Generate a new password of pass-length with optionally no symbols.
+    $PROGRAM generate [--no-symbols,-n] [--clip,-c] [--in-place,-i |
--force,-f] pass-name [pass-length]
+        Generate a new password of pass-length (or $GENERATED_LENGTH if
unspecified) with optionally no symbols.
         Optionally put it on the clipboard and clear board after
$CLIP_TIME seconds.
         Prompt before overwriting existing password unless forced.
         Optionally replace only the first line of an existing file with a
new password.
@@ -441,9 +442,9 @@ cmd_generate() {
  --) shift; break ;;
  esac done

- [[ $err -ne 0 || $# -ne 2 || ( $force -eq 1 && $inplace -eq 1 ) ]] && die
"Usage: $PROGRAM $COMMAND [--no-symbols,-n] [--clip,-c] [--in-place,-i |
--force,-f] pass-name pass-length"
+ [[ $err -ne 0 || ( $# -ne 2 && $# -ne 1 ) || ( $force -eq 1 && $inplace
-eq 1 ) ]] && die "Usage: $PROGRAM $COMMAND [--no-symbols,-n] [--clip,-c]
[--in-place,-i | --force,-f] pass-name [pass-length]"
  local path="$1"
- local length="$2"
+ local length="${2:-$GENERATED_LENGTH}"
  check_sneaky_paths "$path"
  [[ ! $length =~ ^[0-9]+$ ]] && die "Error: pass-length \"$length\" must
be a number."
  mkdir -p -v "$PREFIX/$(dirname "$path")"



-- 
Jason A. Donenfeld
Deep Space Explorer
fr: +33 6 51 90 82 66
us: +1 513 476 1200
www.jasondonenfeld.com
www.zx2c4.com
zx2c4.com/keys/AB9942E6D4A4CFC3412620A749FC7012A5DE03AE.asc
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20160205/94e0bcd2/attachment-0001.html>


More information about the Password-Store mailing list