tytso / pwgen

Automatic Password generation
83 stars 18 forks source link

Fix an old bug and add options to include and enforce additional characters #9

Open stefanct opened 3 years ago

stefanct commented 3 years ago

Hi, I got annoyed by the need to include at least one symbol character in passwords but didn't want to use just any symbol but specifically _ because it gets included in double-click selections in my terminal. So I added two options... one simply allows the user to supply a string of characters that should get included in the pool of valid characters (i.e. kind of the reverse of --remove-chars). The other one does not only add the characters but also tests if they are included in the resulting password. The latter dramatically increases the runtime up to infinity if conflicting settings are chosen but it does not tinker with the randomness whatsoever (which I think is more important). I have split the enforcement patch into two: The first does only check if any of the given characters is included at least once in every resulting password. The second one changes that to test that all of the characters are included at least once, which is far less likely to happen at random thus increases the runtime a lot more (exponentially in the length of the string AFAICS) but is likely more useful to potential users.

I have not put much thought into refactoring anything (e.g., the prototypes get a bit bloated) but I don't think there is too much to gain.

The patches do not include changes to the manpage yet. I'd like to have some feedback first. Cheers.

PS: find_chars could simply be replaced with strpbrk AFAICT.