pass generates very weak passwords with busybox's tr
Tobias Girstmair
t-passwd at girst.at
Tue Jul 16 21:37:01 CEST 2019
On Tue, Jul 16, 2019 at 09:18:30PM +0200, Tobias Girstmair wrote:
>I don't know which sed(1) Alpine packages, but you might be able to use
> sed 's/[^[:graph:]]//g'
>instead of tr(1). But I think requiring a greater-than-busybox is fine
>for pass.
Oh, as an addendum: busybox' tr just plowing through with a broken
character class seems wrong to me in general (this could fck up way more
than "just" passwords). Maybe the busybox maintainers could be convinced
to at least add a check for unknown character classes and exit? (I'm not
sure what the standards say about that, though)
More information about the Password-Store
mailing list