author | Jason A. Donenfeld <Jason@zx2c4.com> | 2016-02-05 21:28:26 +0100 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2016-02-05 21:28:26 +0100 |
commit | 9715ddcd2b2a3f3ed0f27398048191ac2de60c8b (patch) | |
tree | 2aa298e3d099e434d4a87ee6cd47bd50533ef463 | |
parent | 3220fd7dec896a6ccdc16e857c102237209107ea (diff) |
generate: have a default length of 25

Folks are lazy and don't want to type very much, so they'd like to have
a default password length to generate that can be configured via
environment variables per usual. I'm making the default 25.

If the user forbids the use of symbols, pwgen will use a-zA-Z0-9,
ensuring that at least one A-Z and at least one 0-9 is used. We want to
have a password of at least 128-bits, so factoring in the issue with "at
least one of this character type", 25 gets us there squarely.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
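
The length reasoning in the commit message can be checked by counting the allowed strings directly. The following is an added example, not part of the commit or of pass; it assumes the generator picks uniformly among all a-zA-Z0-9 strings that contain at least one A-Z and at least one 0-9, and the function names are hypothetical.

```python
import math

# Character classes of the --no-symbols alphabet named in the commit message.
UPPER, LOWER, DIGIT = 26, 26, 10
ALNUM = UPPER + LOWER + DIGIT  # 62


def constrained_count(n):
    """Count length-n strings over a-zA-Z0-9 with >=1 A-Z and >=1 0-9.

    Inclusion-exclusion: all strings, minus those with no uppercase,
    minus those with no digit, plus those with neither (subtracted twice).
    """
    no_upper = (LOWER + DIGIT) ** n
    no_digit = (UPPER + LOWER) ** n
    neither = LOWER ** n
    return ALNUM ** n - no_upper - no_digit + neither


def entropy_bits(n):
    """Bits of entropy at length n, assuming a uniform choice among allowed strings."""
    count = constrained_count(n)
    # A single character cannot satisfy both class requirements, so count is 0.
    return math.log2(count) if count > 0 else 0.0


def min_length(target_bits):
    """Smallest length whose constrained entropy reaches target_bits."""
    n = 1
    while entropy_bits(n) < target_bits:
        n += 1
    return n


if __name__ == "__main__":
    for n in (16, 20, 21, 22, 25):
        unconstrained = n * math.log2(ALNUM)
        print(f"len={n:2d}  unconstrained={unconstrained:7.2f}  "
              f"constrained={entropy_bits(n):7.2f} bits")
    print("minimum length for 128 bits:", min_length(128))
```
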
-rw-r--r-- | man/pass.1 | 9 |
-rwxr-xr-x | src/password-store.sh | 9 |
2 files changed, 12 insertions, 6 deletions
@@ -111,10 +111,11 @@ ensure that temporary files are created in \fI/dev/shm\fP in order to avoid writ difficult-to-erase disk sectors. If \fI/dev/shm\fP is not accessible, fallback to the ordinary \fITMPDIR\fP location, and print a warning. .TP -\fBgenerate\fP [ \fI--no-symbols\fP, \fI-n\fP ] [ \fI--clip\fP, \fI-c\fP ] [ \fI--in-place\fP, \fI-i\fP | \fI--force\fP, \fI-f\fP ] \fIpass-name pass-length\fP +\fBgenerate\fP [ \fI--no-symbols\fP, \fI-n\fP ] [ \fI--clip\fP, \fI-c\fP ] [ \fI--in-place\fP, \fI-i\fP | \fI--force\fP, \fI-f\fP ] \fIpass-name [pass-length]\fP Generate a new password using .BR pwgen (1) -of length \fIpass-length\fP and insert into \fIpass-name\fP. If \fI--no-symbols\fP or \fI-n\fP +of length \fIpass-length\fP (or \fIPASSWORD_STORE_GENERATED_LENGTH\fP if unspecified) +and insert into \fIpass-name\fP. If \fI--no-symbols\fP or \fI-n\fP is specified, do not use any non-alphanumeric characters in the generated password. If \fI--clip\fP or \fI-c\fP is specified, do not print the password but instead copy it to the clipboard using @@ -415,6 +416,10 @@ Specifies the number of seconds to wait before restoring the clipboard, by defau .I PASSWORD_STORE_UMASK Sets the umask of all files modified by pass, by default \fI077\fP. .TP +.I PASSWORD_STORE_GENERATED_LENGTH +The default password length if the \fIpass-length\fP parameter to \fBgenerate\fP +is unspecified. +.TP .I EDITOR The location of the text editor used by \fBedit\fP. .SH SEE ALSO diff --git a/src/password-store.sh b/src/password-store.sh index 6f85d3b..1425a59 100755 --- a/src/password-store.sh +++ b/src/password-store.sh @@ -15,6 +15,7 @@ which gpg2 &>/dev/null && GPG="gpg2" PREFIX="${PASSWORD_STORE_DIR:-$HOME/.password-store}" X_SELECTION="${PASSWORD_STORE_X_SELECTION:-clipboard}" CLIP_TIME="${PASSWORD_STORE_CLIP_TIME:-45}" +GENERATED_LENGTH="${PASSWORD_STORE_GENERATED_LENGTH:-25}" export GIT_DIR="${PASSWORD_STORE_GIT:-$PREFIX}/.git" export GIT_WORK_TREE="${PASSWORD_STORE_GIT:-$PREFIX}" 
@@ -234,8 +235,8 @@ cmd_usage() { overwriting existing password unless forced. $PROGRAM edit pass-name Insert a new password or edit an existing password using ${EDITOR:-vi}. - $PROGRAM generate [--no-symbols,-n] [--clip,-c] [--in-place,-i | --force,-f] pass-name pass-length - Generate a new password of pass-length with optionally no symbols. + $PROGRAM generate [--no-symbols,-n] [--clip,-c] [--in-place,-i | --force,-f] pass-name [pass-length] + Generate a new password of pass-length (or $GENERATED_LENGTH if unspecified) with optionally no symbols. Optionally put it on the clipboard and clear board after $CLIP_TIME seconds. Prompt before overwriting existing password unless forced. Optionally replace only the first line of an existing file with a new password. @@ -441,9 +442,9 @@ cmd_generate() { --) shift; break ;; esac done - [[ $err -ne 0 || $# -ne 2 || ( $force -eq 1 && $inplace -eq 1 ) ]] && die "Usage: $PROGRAM $COMMAND [--no-symbols,-n] [--clip,-c] [--in-place,-i | --force,-f] pass-name pass-length" + [[ $err -ne 0 || ( $# -ne 2 && $# -ne 1 ) || ( $force -eq 1 && $inplace -eq 1 ) ]] && die "Usage: $PROGRAM $COMMAND [--no-symbols,-n] [--clip,-c] [--in-place,-i | --force,-f] pass-name [pass-length]" local path="$1" - local length="$2" + local length="${2:-$GENERATED_LENGTH}" check_sneaky_paths "$path" [[ ! $length =~ ^[0-9]+$ ]] && die "Error: pass-length \"$length\" must be a number." mkdir -p -v "$PREFIX/$(dirname "$path")" |
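
Review bot: In man/pass.1, hunk @@ -415,6 +416,10, the new PASSWORD_STORE_GENERATED_LENGTH entry does not state the built-in default, while the PASSWORD_STORE_UMASK entry directly above it does ("by default \fI077\fP"). A reader of the man page cannot tell that an omitted pass-length yields 25 characters without reading the script. Suggest ending the entry with something like "is unspecified, by default \fI25\fP."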
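
Review bot: In src/password-store.sh, hunk @@ -15,6 +15,7, GENERATED_LENGTH is taken from the environment with no check at the point of assignment, and there is no lower bound anywhere: the only validation visible in this patch is the `^[0-9]+$` test in cmd_generate, which accepts values such as 0 or 4. Since the commit message sets 128 bits as the goal, a stray small value in PASSWORD_STORE_GENERATED_LENGTH quietly weakens every password generated without an explicit length. Suggest validating the variable once here, and at least warning when it is below a documented minimum. The same unchecked value is also interpolated into the help text in cmd_usage.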
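
Review bot: In src/password-store.sh, hunk @@ -441,9 +442,9 (cmd_generate), `local length="${2:-$GENERATED_LENGTH}"` uses `:-`, so an explicitly empty second argument (for example from an unset variable in a calling script) silently becomes the default instead of being rejected as it was before. Separately, when the fallback value is not numeric the user gets 'Error: pass-length "$length" must be a number.', which blames an argument they never typed. Suggest `${2-$GENERATED_LENGTH}` if an empty argument should still be an error, and an error message that names PASSWORD_STORE_GENERATED_LENGTH when the value came from the environment.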