pass generates very weak passwords with busybox's tr
Daniel Janus
dj at danieljanus.pl
Wed Jul 17 09:51:51 CEST 2019
On Tue, Jul 16, 2019 at 09:44:30PM +0200, Allan Odgaard wrote:
> Btw: Since they support both alnum and punct, I think you can use this:
>
> read -r -n 12 pass < <(LC_ALL=C tr -dc '[:punct:][:alnum:]' < /dev/urandom); echo $pass
That does indeed work.
> Maybe submit a PR and see what Jason says.
>
> But I think it would be better to submit a PR toward BusyBox’s tr
> implementation.
I actually think it'd be beneficial to do both. Even when BusyBox gets
patched, propagating that patch to end users will take time. Plus,
there are other implementations. In fact, I've spot-checked a few:
- macOS's tr: I have no access to a Mac ATM, but the documentation
mentions `[:graph:]`, so presumably it works.
- Heirloom Project's tr: `[:graph:]` works.
- Toybox: tr is not built by default, but an implementation is present
in the `pending` directory. Same situation as with Busybox: it doesn't
support `[:graph:]`, but the `[:punct:][:alnum:]` trick works.
Thanks,
Daniel
More information about the Password-Store
mailing list