pass generates very weak passwords with busybox's tr

Tobias Girstmair t-passwd at
Tue Jul 16 21:37:01 CEST 2019

On Tue, Jul 16, 2019 at 09:18:30PM +0200, Tobias Girstmair wrote:
>I don't know which sed(1) Alpine packages, but you might be able to use
>	sed 's/[^[:graph:]]//g'
>instead of tr(1). But I think requiring a greater-than-busybox is fine 
>for pass.

Oh, as an addendum: busybox' tr just plowing through with a broken 
character class seems wrong to me in general (this could fck up way more 
than "just" passwords). Maybe the busybox maintainers could be convinced 
to at least add a check for unknown character classes and exit? (I'm not 
sure what the standards say about that, though)

More information about the Password-Store mailing list