Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Random char replacement breaks password requirements #13

Open
davemcphee opened this issue Jan 31, 2018 · 0 comments
Open

Random char replacement breaks password requirements #13

davemcphee opened this issue Jan 31, 2018 · 0 comments

Comments

@davemcphee
Copy link

Lets say I run this with --capitalize and --numerals, and the following line:

passwd = "".join(choice(letters) for x in range(pw_length))

returns the string Abcdefg

The first if if capitalize... passes, but the second if (if numerals...) will cause a random character to be substituted with a numeral.

It's very possible that the character to be substituted is the only capital letter, A, thereby returning a password that doesn't conform to the requirements --capitalize and --numerals.
MichiK added a commit to MichiK/pwgen that referenced this issue Jul 28, 2018
@MichiK
Fix long non-ambiguous passwords
583ba32 
If no_ambiguous is set, the ambiguous characters are now replaced one
by one instead of throwing away the password and trying to generate
a new one. This was a problem when generating long, non-ambiguous
passwords.

In addition, when symbols, numerals or capital letters are enforced,
these characters will no longer be inserted at random positions in
the password. Instead, they will only replace lowercase letters, if
available. Otherwise, it was possible to e.g. overwrite the single
numeral with a symbol if numerals and symbols are set and only one
numeral but no symbols were present in the password (closes vinces1979#13).
MichiK added a commit to MichiK/pwgen that referenced this issue Jul 28, 2018
@MichiK
Fix long non-ambiguous passwords
59e38ce 
If no_ambiguous is set, the ambiguous characters are now replaced one
by one instead of throwing away the password and trying to generate
a new one. This was a problem when generating long, non-ambiguous
passwords.

In addition, when symbols, numerals or capital letters are enforced,
these characters will no longer be inserted at random positions in
the password. Instead, they will only replace lowercase letters, if
available. Otherwise, it was possible to e.g. overwrite the single
numeral with a symbol if numerals and symbols are set and only one
numeral but no symbols were present in the password (closes vinces1979#13).
@MichiK MichiK mentioned this issue Jul 28, 2018
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@davemcphee