From 639c46a342466209e9b0600c2b3574bb44a0ff31 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Sun, 18 Dec 2016 16:13:18 +0100 Subject: generate: use /dev/urandom directly Passing to tr using the "pick and discard" technique is more straight- forwardly correct and less error-prone. It also allows users to select their own character sets to be passed to tr. --- COPYING | 2 +- README | 2 -- man/pass.1 | 26 ++++++++++++++++++++------ src/password-store.sh | 12 +++++++----- 4 files changed, 28 insertions(+), 14 deletions(-) diff --git a/COPYING b/COPYING index bacd3ea..2113e02 100644 --- a/COPYING +++ b/COPYING @@ -1,4 +1,4 @@ -Password Store is Copyright (C) 2012 Jason A. Donenfeld . All Rights Reserved. +Password Store is Copyright (C) 2012-2016 Jason A. Donenfeld . All Rights Reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/README b/README index 1cc01b9..eae3666 100644 --- a/README +++ b/README @@ -21,8 +21,6 @@ Depends on: http://www.git-scm.com/ - xclip http://sourceforge.net/projects/xclip/ -- pwgen - http://sourceforge.net/projects/pwgen/ - tree >= 1.7.0 http://mama.indstate.edu/users/ice/tree/ - GNU getopt diff --git a/man/pass.1 b/man/pass.1 index 33b6036..79ea79d 100644 --- a/man/pass.1 +++ b/man/pass.1 
@@ -112,11 +112,12 @@ difficult-to-erase disk sectors. If \fI/dev/shm\fP is not accessible, fallback t the ordinary \fITMPDIR\fP location, and print a warning. .TP \fBgenerate\fP [ \fI--no-symbols\fP, \fI-n\fP ] [ \fI--clip\fP, \fI-c\fP ] [ \fI--in-place\fP, \fI-i\fP | \fI--force\fP, \fI-f\fP ] \fIpass-name [pass-length]\fP -Generate a new password using -.BR pwgen (1) -of length \fIpass-length\fP (or \fIPASSWORD_STORE_GENERATED_LENGTH\fP if unspecified) -and insert into \fIpass-name\fP. If \fI--no-symbols\fP or \fI-n\fP -is specified, do not use any non-alphanumeric characters in the generated password. +Generate a new password using \fB/dev/urandom\fP of length \fIpass-length\fP +(or \fIPASSWORD_STORE_GENERATED_LENGTH\fP if unspecified) and insert into +\fIpass-name\fP. If \fI--no-symbols\fP or \fI-n\fP is specified, do not use +any non-alphanumeric characters in the generated password. The character sets used +in generating passwords can be changed with the \fIPASSWORD_STORE_CHARACTER_SET\fP and +\fIPASSWORD_STORE_CHARACTER_SET_NO_SYMBOLS\fP environment variables, described below. If \fI--clip\fP or \fI-c\fP is specified, do not print the password but instead copy it to the clipboard using .BR xclip (1) 
@@ -420,11 +421,24 @@ Sets the umask of all files modified by pass, by default \fI077\fP. The default password length if the \fIpass-length\fP parameter to \fBgenerate\fP is unspecified. .TP +.I PASSWORD_STORE_CHARACTER_SET +The character set to be used in password generation for \fBgenerate\fP. This value +is to be interpreted by \fBtr\fP. See +.BR tr (1) +for more info. +.TP +.I PASSWORD_STORE_CHARACTER_SET_NO_SYMBOLS +The character set to be used in no-symbol password generation for \fBgenerate\fP, +when \fI--no-symbols\fP, \fI-n\fP is specified. This value is to be interpreted +by \fBtr\fP. See +.BR tr (1) +for more info. +.TP .I EDITOR The location of the text editor used by \fBedit\fP. .SH SEE ALSO .BR gpg2 (1), -.BR pwgen (1), +.BR tr (1), .BR git (1), .BR xclip (1). diff --git a/src/password-store.sh b/src/password-store.sh index 63be840..7b1d5a5 100755 --- a/src/password-store.sh +++ b/src/password-store.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash -# Copyright (C) 2012 - 2014 Jason A. Donenfeld . All Rights Reserved. +# Copyright (C) 2012 - 2016 Jason A. Donenfeld . All Rights Reserved. # This file is licensed under the GPLv2+. Please see COPYING for more information. umask "${PASSWORD_STORE_UMASK:-077}" @@ -16,6 +16,8 @@ PREFIX="${PASSWORD_STORE_DIR:-$HOME/.password-store}" X_SELECTION="${PASSWORD_STORE_X_SELECTION:-clipboard}" CLIP_TIME="${PASSWORD_STORE_CLIP_TIME:-45}" GENERATED_LENGTH="${PASSWORD_STORE_GENERATED_LENGTH:-25}" +CHARACTER_SET="${PASSWORD_STORE_CHARACTER_SET:-[:graph:]}" +CHARACTER_SET_NO_SYMBOLS="${PASSWORD_STORE_CHARACTER_SET_NO_SYMBOLS:-[:alnum:]}" export GIT_DIR="${PASSWORD_STORE_GIT:-$PREFIX}/.git" export GIT_WORK_TREE="${PASSWORD_STORE_GIT:-$PREFIX}" 
@@ -431,12 +433,12 @@ cmd_edit() {
 }
 
 cmd_generate() {
- local opts clip=0 force=0 symbols="-y" inplace=0
+ local opts clip=0 force=0 characters="$CHARACTER_SET" inplace=0 pass
 opts="$($GETOPT -o ncif -l no-symbols,clip,in-place,force -n "$PROGRAM" -- "$@")"
 local err=$?
 eval set -- "$opts"
 while true; do case $1 in
- -n|--no-symbols) symbols=""; shift ;;
+ -n|--no-symbols) characters="$CHARACTER_SET_NO_SYMBOLS"; shift ;;
 -c|--clip) clip=1; shift ;;
 -f|--force) force=1; shift ;;
 -i|--in-place) inplace=1; shift ;;
@@ -454,8 +456,8 @@ cmd_generate() {
 
 [[ $inplace -eq 0 && $force -eq 0 && -e $passfile ]] && yesno "An entry already exists for $path. Overwrite it?"
 
- local pass="$(pwgen -s $symbols $length 1)"
- [[ -n $pass ]] || exit 1
+ read -r -n $length pass < <(LC_ALL=C tr -dc "$characters" < /dev/urandom)
+ [[ ${#pass} -eq $length ]] || die "Could not generate password from /dev/urandom."
 if [[ $inplace -eq 0 ]]; then
 $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" "${GPG_OPTS[@]}" <<<"$pass" || die "Password encryption aborted."
 else
-- 
cgit v1.2.3
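Review bot: `read -r -n $length pass` in the second hunk strips leading and trailing IFS whitespace and stops at the first newline, so a user-supplied PASSWORD_STORE_CHARACTER_SET that admits space, tab or newline (for example `[:print:]`) can leave `pass` shorter than `$length`, and the following check then dies with a message blaming /dev/urandom rather than the character set. Prefixing `IFS= read -r -n $length pass < <(LC_ALL=C tr -dc "$characters" < /dev/urandom)` removes the trimming without changing behaviour for the defaults `[:graph:]` and `[:alnum:]`, which contain no whitespace; `read -N` (bash 4.1+) would additionally ignore the newline delimiter if that portability requirement is acceptable. Because GNU tr permutes its arguments, a set value beginning with `-` is parsed as an option, so `tr -dc -- "$characters"` is the safer spelling. A short comment would help the next reader, e.g. `# Rejection sampling: tr drops every byte outside $characters, so the kept bytes are uniform over the set; read collects the first $length of them.` cmd_generate begins and ends outside this hunk, and the validation of $length as a number is not visible here.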