authorJason A. Donenfeld <Jason@zx2c4.com>2016-12-18 16:13:18 +0100
committerJason A. Donenfeld <Jason@zx2c4.com>2016-12-20 19:31:05 +0100
commit639c46a342466209e9b0600c2b3574bb44a0ff31 (patch)
tree032a94e458e4d0303be634ba641c20e4a588f07e
parentdmenu: read likes -r (diff)
generate: use /dev/urandom directly
Passing to tr using the "pick and discard" technique is more straightforwardly correct and less error-prone. It also allows users to select their own character sets to be passed to tr.
-rw-r--r--COPYING2
-rw-r--r--README2
-rw-r--r--man/pass.126
-rwxr-xr-xsrc/password-store.sh12
4 files changed, 28 insertions, 14 deletions
diff --git a/COPYING b/COPYING
index bacd3ea..2113e02 100644
--- a/COPYING
+++ b/COPYING
@@ -1,4 +1,4 @@
-Password Store is Copyright (C) 2012 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+Password Store is Copyright (C) 2012-2016 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
diff --git a/README b/README
index 1cc01b9..eae3666 100644
--- a/README
+++ b/README
@@ -21,8 +21,6 @@ Depends on:
http://www.git-scm.com/
- xclip
http://sourceforge.net/projects/xclip/
-- pwgen
- http://sourceforge.net/projects/pwgen/
- tree >= 1.7.0
http://mama.indstate.edu/users/ice/tree/
- GNU getopt
diff --git a/man/pass.1 b/man/pass.1
index 33b6036..79ea79d 100644
--- a/man/pass.1
+++ b/man/pass.1
@@ -112,11 +112,12 @@ difficult-to-erase disk sectors. If \fI/dev/shm\fP is not accessible, fallback t
the ordinary \fITMPDIR\fP location, and print a warning.
.TP
\fBgenerate\fP [ \fI--no-symbols\fP, \fI-n\fP ] [ \fI--clip\fP, \fI-c\fP ] [ \fI--in-place\fP, \fI-i\fP | \fI--force\fP, \fI-f\fP ] \fIpass-name [pass-length]\fP
-Generate a new password using
-.BR pwgen (1)
-of length \fIpass-length\fP (or \fIPASSWORD_STORE_GENERATED_LENGTH\fP if unspecified)
-and insert into \fIpass-name\fP. If \fI--no-symbols\fP or \fI-n\fP
-is specified, do not use any non-alphanumeric characters in the generated password.
+Generate a new password using \fB/dev/urandom\fP of length \fIpass-length\fP
+(or \fIPASSWORD_STORE_GENERATED_LENGTH\fP if unspecified) and insert into
+\fIpass-name\fP. If \fI--no-symbols\fP or \fI-n\fP is specified, do not use
+any non-alphanumeric characters in the generated password. The character sets used
+in generating passwords can be changed with the \fIPASSWORD_STORE_CHARACTER_SET\fP and
+\fIPASSWORD_STORE_CHARACTER_SET_NO_SYMBOLS\fP environment variables, described below.
If \fI--clip\fP or \fI-c\fP is specified, do not print the password but instead copy
it to the clipboard using
.BR xclip (1)
@@ -420,11 +421,24 @@ Sets the umask of all files modified by pass, by default \fI077\fP.
The default password length if the \fIpass-length\fP parameter to \fBgenerate\fP
is unspecified.
.TP
+.I PASSWORD_STORE_CHARACTER_SET
+The character set to be used in password generation for \fBgenerate\fP. This value
+is to be interpreted by \fBtr\fP. See
+.BR tr (1)
+for more info.
+.TP
+.I PASSWORD_STORE_CHARACTER_SET_NO_SYMBOLS
+The character set to be used in no-symbol password generation for \fBgenerate\fP,
+when \fI--no-symbols\fP, \fI-n\fP is specified. This value is to be interpreted
+by \fBtr\fP. See
+.BR tr (1)
+for more info.
+.TP
.I EDITOR
The location of the text editor used by \fBedit\fP.
.SH SEE ALSO
.BR gpg2 (1),
-.BR pwgen (1),
+.BR tr (1),
.BR git (1),
.BR xclip (1).
diff --git a/src/password-store.sh b/src/password-store.sh
index 63be840..7b1d5a5 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -1,6 +1,6 @@
#!/usr/bin/env bash
-# Copyright (C) 2012 - 2014 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+# Copyright (C) 2012 - 2016 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
# This file is licensed under the GPLv2+. Please see COPYING for more information.
umask "${PASSWORD_STORE_UMASK:-077}"
@@ -16,6 +16,8 @@ PREFIX="${PASSWORD_STORE_DIR:-$HOME/.password-store}"
X_SELECTION="${PASSWORD_STORE_X_SELECTION:-clipboard}"
CLIP_TIME="${PASSWORD_STORE_CLIP_TIME:-45}"
GENERATED_LENGTH="${PASSWORD_STORE_GENERATED_LENGTH:-25}"
+CHARACTER_SET="${PASSWORD_STORE_CHARACTER_SET:-[:graph:]}"
+CHARACTER_SET_NO_SYMBOLS="${PASSWORD_STORE_CHARACTER_SET_NO_SYMBOLS:-[:alnum:]}"
export GIT_DIR="${PASSWORD_STORE_GIT:-$PREFIX}/.git"
export GIT_WORK_TREE="${PASSWORD_STORE_GIT:-$PREFIX}"
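Review bot: `CHARACTER_SET` and `CHARACTER_SET_NO_SYMBOLS` are taken from the environment and later handed to `tr -dc` unchecked, and nothing next to the assignments tells a maintainer that these values control password strength. A short comment above the two lines would help, for example `# tr(1) SET1 expressions; the number of distinct characters in the set bounds the entropy per generated character`. A very small set would still satisfy the length check in cmd_generate, so any weakening from a badly chosen override would be silent.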
@@ -431,12 +433,12 @@ cmd_edit() {
}
cmd_generate() {
- local opts clip=0 force=0 symbols="-y" inplace=0
+ local opts clip=0 force=0 characters="$CHARACTER_SET" inplace=0 pass
opts="$($GETOPT -o ncif -l no-symbols,clip,in-place,force -n "$PROGRAM" -- "$@")"
local err=$?
eval set -- "$opts"
while true; do case $1 in
- -n|--no-symbols) symbols=""; shift ;;
+ -n|--no-symbols) characters="$CHARACTER_SET_NO_SYMBOLS"; shift ;;
-c|--clip) clip=1; shift ;;
-f|--force) force=1; shift ;;
-i|--in-place) inplace=1; shift ;;
@@ -454,8 +456,8 @@ cmd_generate() {
[[ $inplace -eq 0 && $force -eq 0 && -e $passfile ]] && yesno "An entry already exists for $path. Overwrite it?"
- local pass="$(pwgen -s $symbols $length 1)"
- [[ -n $pass ]] || exit 1
+ read -r -n $length pass < <(LC_ALL=C tr -dc "$characters" < /dev/urandom)
+ [[ ${#pass} -eq $length ]] || die "Could not generate password from /dev/urandom."
if [[ $inplace -eq 0 ]]; then
$GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" "${GPG_OPTS[@]}" <<<"$pass" || die "Password encryption aborted."
else
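Review bot: The new `read` that fills `pass` runs with the default IFS, so a user-supplied PASSWORD_STORE_CHARACTER_SET that contains a space or tab will have leading or trailing whitespace stripped, and the `${#pass} -eq $length` check then fails intermittently. A set that begins with `-` would also be parsed by tr as an option rather than as SET1. I would write the line as `IFS= read -r -n "$length" pass < <(LC_ALL=C tr -dc -- "$characters" < /dev/urandom)`. The length check fails closed, which is the right behaviour for a generator. cmd_generate starts and ends outside this hunk, so whether `$length` is validated as numeric before this point cannot be confirmed from here.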