PASSWORD_STORE_CHARACTER_SET_NO_SYMBOLS isn't respected
Marek Howard
marekhwd at gmail.com
Sat Jan 6 03:49:00 CET 2018
On Sat, Jan 06, 2018 at 03:35:48AM +0100, Tinu Weber wrote:
>On Sat, Jan 06, 2018 at 02:57:30 +0100, Marek Howard wrote:
>> export PASSWORD_STORE_CHARACTER_SET_NO_SYMBOLS="'"'"`'
>>
>> I want to forbid '"` characters in generated passwords mostly because it
>> screws up some generated configuration files. But even with this variable, I
>> can still occasionally see " and ' in generated passwords.
>>
>> [...]
>>
>> I'm using `pass generate foobar` to generate passwords.
>
>PASSWORD_STORE_CHARACTER_SET_NO_SYMBOLS is the set of characters used to
>generate passwords if you pass -n, --no-symbols. So there are two things
>to note here:
>
>1. You need to pass -n or --no-symbols to pass in order for
> PASSWORD_STORE_CHARACTER_SET_NO_SYMBOLS to have any effect. The
> equivalent variable for the unlimited character set is
> PASSWORD_STORE_CHARACTER_SET.
>
>2. You may want to specify characters you want to *keep*. Otherwise you
> will end up with passwords like these:
>
> ""'''``""'"`"``"````'`'"`
>
>However, I'm not sure if there is an elegant way to have the full set of
>[:graph:] as understood by tr(1) *without* the specified characters (and
>without changing the code to invoke tr(1) multiple times). So my best
>guess here is something like:
>
> PASSWORD_STORE_CHARACTER_SET='[:alnum:].,!?&*%_~$#^@{}[]()<>|=/\+-'
>
>(note that the - should go at the end, to avoid nasty surprises)
Thank you for the detailed explanation. It is my fault for not reading the man
page properly. It is a bit odd though the need to set both the variable and the
command line switch. Why isn't the "no-symbols" behaviour always on when the
variable is non-empty?
More information about the Password-Store
mailing list