Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
generate: Sometimes generates longer passwords than asked. #52
I've noticed that running
It happens with the default
To reproduce, run
Is this a bug or intentional behavior which isn't documented?
After reading the
It keeps appending to the password until it reaches the requested length, and also has at least one of all the required character types:
So in some rare cases, a password of length 24 doesn't yet satisfy all those requirements, so it becomes longer.
Ironically, this is documented here:
I just didn't think that applied because I didn't consider 24 to be a "very short length". Maybe it'd be good to rephrase it as something like:
Yeah @dmitshur, it totally is documented but at the time I didn't really know what to do, and didn't want to focus on the issue =]. Maybe I could try generating more than once? Perhaps after 100 generations if it doesn't find a password that meets the requirements, it could return a longer one.
I think rephrasing the documentation as I suggested at the bottom of #52 (comment) would be helpful.
Trying more than once isn't a bad idea, I think. Generating passwords is usually done relatively rarely, and isn't the bottleneck. I think you could consider having an upper bound on the time taken, not just iterations. For example, loop as long as 500 milliseconds have not yet passed. If
In general, this isn't a big problem. I mostly filed the issue because I was afraid this might be indicative of a serious bug, but it turned out to be the result of an intentional design decision.