607011 / Qt-SESAM

c't SESAM Password Manager (Qt version)
http://607011.github.io/Qt-SESAM/
GNU General Public License v3.0

New domain wizard: forcing characters does not work #73

Closed Wikinaut closed 9 years ago

Wikinaut commented 9 years ago

I chose "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-+/$" as character set, and then I activated the checkboxes for forced "digits" and "extra" character, then I clicked "accept".

None of "-+/$" characters were present in generated test passwords e.g. "AXKq3WavkBGyHRR8".

Wikinaut commented 9 years ago

I understand that "extra" means the non-digits, non-uppercase, non-lower characters, in the above case the "-+/$", but this is my view.

If I am wrong, then please explain what you mean by saying "extra" characters.

607011 commented 9 years ago

Extra characters are the ones you get when clicking on the button #!".…

607011 commented 9 years ago

This issue has a very low priority.

Wikinaut commented 9 years ago

Oliver:

My user story:

As a user of your program, I clicked on "New domain". I entered a new domain name, then a large set of characters appears. Then I edited the set, so that the string "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-+/$" as set of allowable characters for the password remained.

Then I clicked force "digits" and force "extra".

What did I expect ?

I expect that exactly this set of characters shown in the box is used, and when I force certain characters, that these characters are "forced": that at least one of the group/s must be a character of the password.

Your explanation is not a help, and is even more an indication, that there is a bug.

Why is it a bug ?

If the button "force extra" forces the ones you get when clicking the button #!"._, as you said above, then it's a bug, because these characters are not* used, as I proved in many tests.

607011 commented 9 years ago

@Wikinaut Thanks for your input.

You asked: "please explain what you mean by saying 'extra' characters". I answered ;-) And I also flagged this issue as a bug promptly afterwards.

607011 commented 9 years ago

Considering the idea of password templates as used by Master Password

Also considering to streamline the code flow: No longer display the process of generating an appropriate password in real-time, but do this in one go and present the result afterwards.

607011 commented 9 years ago

Resolved by commit cc85d8daddcb201c9e448cb62d2ab0f6f9bbe2c8.

Wikinaut commented 9 years ago

Not working. Endless loop.

Try: New domain. Set password length = 3, set of characters: "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-+/$" force digits, force extra

--> endless loop (salt1, salt2, .....)

607011 commented 9 years ago

Not confirmed.

@Wikinaut, for your understanding: The generated password varies by picking random salts. Only by luck (and that may take some time) is a password found that matches the rules.

The loop will end eventually. Be patient!

When #74 is implemented, generation time will only depend on the length of the password and not on chance. That means your password will typically be ready in tens of milliseconds.
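The "pick a random salt until the result matches the rules" behaviour described in this comment, modelled as an added Python example (this is not Qt-SESAM's code; the PBKDF2 derivation, the byte-to-character mapping and the template variant are illustrative assumptions). It uses the character set from the thread and a length of 3 to compute how often a random candidate satisfies "force digits" and "force extra", and contrasts the rejection loop with a constructive template approach in the spirit of #74 that needs no retries.

```python
import hashlib
import itertools
import secrets

# Constructed model, not the project's implementation.
CHARSET = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-+/$"
DIGITS = "0123456789"
EXTRA = "-+/$"

def satisfies(pw, force_digits=True, force_extra=True):
    """True if the candidate contains every forced character class."""
    has_digit = any(c in DIGITS for c in pw)
    has_extra = any(c in EXTRA for c in pw)
    return (has_digit or not force_digits) and (has_extra or not force_extra)

def derive(master, domain, salt, length, iterations=8192):
    """Assumed derivation: PBKDF2 bytes mapped onto CHARSET (naive modulo)."""
    key = hashlib.pbkdf2_hmac("sha512", master.encode(), domain.encode() + salt,
                              iterations, dklen=length)
    return "".join(CHARSET[b % len(CHARSET)] for b in key)

def generate_by_rejection(master, domain, length, max_tries=100000, iterations=8192):
    """Rejection loop: new random salt per try until the rules are met."""
    for tries in range(1, max_tries + 1):
        salt = secrets.token_bytes(16)          # 16-byte salt as in the thread
        pw = derive(master, domain, salt, length, iterations)
        if satisfies(pw):
            return pw, salt, tries
    return None, None, max_tries

def acceptance_probability(length):
    """Exact share of candidates that pass, by enumerating CHARSET**length."""
    total = len(CHARSET) ** length
    ok = sum(1 for pw in itertools.product(CHARSET, repeat=length) if satisfies(pw))
    return ok / total

def generate_by_template(master, domain, salt, length, iterations=8192):
    """Constructive variant (assumed, in the spirit of #74): derive extra bytes
    and use them to place one forced digit and one forced extra character at
    two distinct positions, so no retry loop is needed. Requires length >= 2."""
    key = hashlib.pbkdf2_hmac("sha512", master.encode(), domain.encode() + salt,
                              iterations, dklen=length + 4)
    chars = [CHARSET[b % len(CHARSET)] for b in key[:length]]
    p_digit = key[length] % length
    p_extra = (p_digit + 1 + key[length + 1] % (length - 1)) % length  # != p_digit
    chars[p_digit] = DIGITS[key[length + 2] % len(DIGITS)]
    chars[p_extra] = EXTRA[key[length + 3] % len(EXTRA)]
    return "".join(chars)
```

For length 3 and this 66-character set, inclusion-exclusion gives 14160 of 287496 candidates passing (about 1 in 20), so the rejection loop is slow but finite, whereas the template variant succeeds on the first derivation.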

Wikinaut commented 9 years ago

It is not doing that. Try it with a password length of 3. There are not so many passwords with 3 characters from "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-+/$".

Also, when you have a longer password, and when you later generate a new password with a shorter length, the new generated password does not fulfill the criteria "force digits" and "force extra". So you probably do not store these restriction/s for subsequent generation of a new password for that domain.

Wikinaut commented 9 years ago

After a while looping (to find a suited password with 3 characters), the program crashes with a restart and asks me for the master password.

607011 commented 9 years ago

@Wikinaut You're right: Qt-SESAM does not store the values of "force …". I'm not happy with that but it suits as an intermediate solution.

With #74 that will be fixed.

Wikinaut commented 9 years ago

Let me suggest that you save all parameters always.

607011 commented 9 years ago

ACK.

607011 commented 9 years ago

BTW, with your proposed settings, I've never experienced an "endless loop" like you did.

How long is your salt (see Extras/Options/Misc)?

607011 commented 9 years ago

"the program crashes with a restart and asks me for the master password" -> see #76

Wikinaut commented 9 years ago

Salt is 16 Bytes.

Clarification: in my previous post "the program crashes with a restart and asks me for the master password." I meant that after a while (endless loop in a minimized QtSesam window), the password generation endless loop apparently stopped, and the main program opened the password box up (it was not a "crash" in the strict sense).

Perhaps the reason for this is simply the setting Extra > Options > Misc > (Invalidate master password after) 5 minutes ?

607011 commented 9 years ago

Thanks, @Wikinaut. Yes, exactly that's the reason. That's why I introduced issue #76.

Wikinaut commented 9 years ago

Regarding your "The loop will end eventually. Be patient!", perhaps you know https://github.com/samr7/vanitygen . Vanitygen on my computer tries ~570.000 keys per second.

607011 commented 9 years ago

Mine does ~740 Kkeys/s in 64 bit mode and ~480 Kkeys/s in 32 bit mode (run on Windows 7 64 bit).

607011 commented 9 years ago

@Wikinaut How many iterations did you choose in your experiments? 8192? Less? Or far more?

Wikinaut commented 9 years ago

4096

Wikinaut commented 9 years ago

Correction: The New domain window shows 8192. The main window shows 4096 (uh, another bug)

607011 commented 9 years ago

"uh, another bug" — not reproducible. After "Accept"ing the settings in New Domain Wizard all settings are correctly transferred to the main window.

Wikinaut commented 9 years ago

Okay, I see what you mean, you are correct: when I "load" an existing domain, the stored value is shown (in my case: 8192).

But the shown default value in the main window (prior to loading from "New domain") should be equal to the standard default value in the New domain window.

607011 commented 9 years ago

ACK. That's perhaps misleading. See 5ecbc72d2861fa8c4ee71e70cdd15467ad7831e7 — Better?