Open eternaleye opened 1 year ago
actually we are able to define password rules in the cli fronted as described in https://github.com/stef/pwdsphinx/blob/master/whitepaper.org#password-rules
admittedly this defines the allowed characters, not the required number of characters from the different classes, so yeah that could use some improvement. most of the time though due to the length of the generated password the minimum requirements are satisfied.
the logic which implements the conversion from rwd to final password is implemented here: https://github.com/stef/pwdsphinx/blob/master/pwdsphinx/bin2pass.py
but we also have a different converter, one that converts the rwd into an age keypair: https://github.com/stef/pwdsphinx/blob/master/contrib/sphage.py
i would be stoked if we had other, or better rwd-to-... converters!
please close this issue if you feel that the above answers satisfy your request, if not, please elaborate why.
One limiting factor for password managers that generate (rather than storing) passwords is that many sites have restrictive password policies. However, most password policies can be described as regular languages (possibly in a composable/modular manner, as they are closed under intersection). Because regular languages can be sampled from uniformly, this may offer a clean way to support sites with restrictive password policies without sacrificing security.
In the paper Uniform Sampling for Networks of Automata, Section 2.1 "Cardinalities and fixed length uniform sampling" sketches a simple algorithm for doing this for arbitrary fixed output length (which would match the current behavior, of always emitting 40-character
rwd
values). However, another approach would be to include the "preferred" output length for each site as part of the policy language, and use the algorithm described in section 2.2 "Generating functions and Boltzmann sampling". Both of these do presume the regular language has been transformed to a DFA.