[pass] generate passwords natively instead of dependency
ilf
ilf at zeromail.org
Mon Nov 14 22:27:03 CET 2016
Currently, pass depends on pwgen to generate passwords. I think it would
be easy and desirable to drop this dependency and generate passwords
natively.
Here's a simple way to generate passwords from /dev/random directly in
shell:
tr -dc "[:graph:]" < /dev/urandom | head -c 32
We could also use "alnum" instead of "graph" and/or "base64" instead of
"head".
I really see no reason to add an extra dependency, just for its single
use on line 457 of src/password-store.sh.
Also, we gain being in control of (and responsible) of password
generation ourselves. In the past, there have been issues with pwgen
using low-entopy:
http://www.openwall.com/lists/oss-security/2012/01/22/6
http://www.openwall.com/lists/oss-security/2013/05/24/7
What do you think?
Thanks, and keep up the good work!
--
ilf
Über 80 Millionen Deutsche benutzen keine Konsole. Klick dich nicht weg!
-- Eine Initiative des Bundesamtes für Tastaturbenutzung
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20161114/aa0e817d/attachment-0001.asc>
More information about the Password-Store
mailing list