marius-wieschollek / passwords

A simple, yet feature rich password manager for Nextcloud
GNU Affero General Public License v3.0

Frequently Unsupported Special Character in Generated Passwords #542

Open JDDellGuy opened 1 year ago

JDDellGuy commented 1 year ago

Current Status: The password generator seems to consistently include the € character when special characters are enabled for password generating. My observation is that a number of applications and websites do not accept this character in passwords. It also does not feel truly random that this character is included in nearly ALL generated passwords that had the "Special Characters" box selected.

Feature Description: It would be sufficient if the selection of special characters was truly random. This would make it less likely for the € character to be included in the password and if it was, then the generator could just be refreshed to try generating a password without it. It may be worth considering to have the generator only use special characters that are most commonly accepted. A third box for "extended special characters" could be offered perhaps, if a user desired to generate passwords with an opportunity for including this and potentially other additional "strange" special characters.

Additional context: screenshot (Screenshot_20221110_043519)

Luth1ng commented 1 year ago

A very large number of websites don't allow these "extended" special characters. The big issue here is that some websites seem to allow these characters, but the validation process just fails to work, and the password with an extended special character doesn't work once we try to log in. I know this is mostly a website issue, but this feature as described by @JDDellGuy would be much appreciated, especially in this case.

Otherwise, there is a workaround for this: manually edit RandomCharactersHelper.php/SpecialCharacterHelper.php to fit your needs (i.e. remove the € character).

@marius-wieschollek any news on this?

Luth1ng commented 1 year ago

Even Google doesn't support these characters. @marius-wieschollek is there any chance you worked on this?

Workaround:

```bash
ncpasswordsdir="/var/www/nextcloud/apps/passwords"

# Delete the 'e' => '€' and 'E' => '€' substitution entries
sed -i -E "/( ){12}('e'|'E')( => '€'),/d" "$ncpasswordsdir/lib/Helper/Words/SpecialCharacterHelper.php"
# Empty the CHARACTERS_XX constants and strip € from the SPECIAL constant
sed -i -E "s/(const CHARACTERS_[A-Z]{2}  = ')[^']+';/\1';/g; s/(const SPECIAL\s+= '[^']*)€([^']*)'/\1\2'/g" "$ncpasswordsdir/lib/Helper/Words/RandomCharactersHelper.php"
```

dfyx commented 4 months ago

I requested something similar almost six years ago in #97, never got a good answer. @Luth1ng, could you submit your changes as a pull request? The other non-ASCII characters that frequently show up in passwords are äöüÄÖÜß. I recently helped someone change their passwords for about 30 services and at least a third of them complained about generated passwords containing these characters.
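The behaviour requested in this thread, sketched as an added example (Python, not the app's PHP code and not from any participant): special characters are drawn uniformly from an ASCII-only set by default, the characters named above are opt-in, and a helper flags anything outside printable ASCII before a password is saved. The contents of `ASCII_SPECIAL` and the function names are assumptions; the app's real constants may differ.

```python
import secrets
import string

# Assumption: a conservative ASCII special set, not the app's SPECIAL constant.
ASCII_SPECIAL = "!#$%&*+-=?@_"
# The non-ASCII characters named in this thread, offered only as an opt-in.
EXTENDED_SPECIAL = "€äöüÄÖÜß"


def generate(length=16, special=True, extended=False):
    """Return a password with one character per enabled class, rest uniform."""
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits]
    if special:
        classes.append(ASCII_SPECIAL + (EXTENDED_SPECIAL if extended else ""))
    if length < len(classes):
        raise ValueError("length too short for the enabled character classes")
    alphabet = "".join(classes)
    # Guarantee each class once, then fill uniformly from the whole alphabet
    # so no single character (such as €) is favoured over the others.
    chars = [secrets.choice(c) for c in classes]
    chars += [secrets.choice(alphabet) for _ in range(length - len(classes))]
    # Shuffle with the OS CSPRNG so the guaranteed characters are not
    # always in the first positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def unsupported_chars(password):
    """Return the sorted characters outside printable ASCII (0x21-0x7E)."""
    return sorted({c for c in password if not 0x21 <= ord(c) <= 0x7E})


if __name__ == "__main__":
    pw = generate()
    print(pw, unsupported_chars(pw))        # default: nothing flagged
    pw = generate(extended=True)
    print(pw, unsupported_chars(pw))        # may list €, ä, ö, ...
```

Running `unsupported_chars` over an existing vault export is a quick way to find entries that are likely to be rejected by, or to fail at login on, sites with the restrictions described in this issue.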