New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix passgo generate to generate proper passwords #55

Merged
merged 4 commits into from Jan 4, 2019

Conversation

Projects
None yet
2 participants
@ejcx
Copy link
Owner

ejcx commented Jan 3, 2019

There was a problem with passgo generate for a long time. It just so happened
that if you requested to generate a very short password, but a very secure pass
then the program would return a password that was much longer than expected.

The reason for this was the program prioritized just getting you a strong
password, rather than getting you a password with your exact length reqs.

This fixes that issue by:
- Checks if you are requesting an impossible to satisfy password.
- Short possible to satisfy situations, continue to retry generation
- Stop returning passwords longer than the user asks for.

Hopefully this makes things work a little better.

Fix passgo generate to generate proper passwords
There was a problem with `passgo generate` for a long time. It just so happened
that if you requested to generate a very short password, but a very secure pass
then the program would return a password that was much longer than expected.

The reason for this was the program prioritized just getting you a strong
password, rather than getting you a password with your exact length reqs.

This fixes that issue by:
    - Checks if you are requesting an impossible to satisfy password.
    - Short possible to satisfy situations, continue to retry generation
    - Stop returning passwords longer than the user asks for.

Hopefully this makes things work a little better.
@ejcx

This comment has been minimized.

Copy link
Owner

ejcx commented Jan 3, 2019

@dmitshur here's a PR that I think fixes the problem in #52 . I've always hated that function so I am glad to rewrite it.

What do you think? I still don't love this, but it at least works properly

@dmitshur

This comment has been minimized.

Copy link
Contributor

dmitshur commented Jan 4, 2019

Thanks for working on this. At a high level, the new approach makes sense, and I agree that this is an improved user experience.

I haven’t had a chance to review thoroughly, but from a quick read, I didn’t see any issues.

The only thing I’ve spotted is that you haven’t updated the documentation to remove the note about passwords being longer sometimes.

ejcx added some commits Jan 4, 2019

Generate long enough passwords.
Fix bug associated with generating really long passwords.
Make sure the docs reflect reality in the generate command.
Change max pw length to 2048.
Nobody needs a 65535 length password. That is a ridiculous amount
of entropy with no specific real world use case, and shortening
the max length to 2048 vastly simplifies the logic of Generate
Password

@ejcx ejcx merged commit 1fbba68 into master Jan 4, 2019

3 checks passed

ci/circleci Your tests passed on CircleCI!
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
continuous-integration/travis-ci/push The Travis CI build passed
Details

@ejcx ejcx deleted the ej/fix-generate branch Jan 4, 2019

@ejcx

This comment has been minimized.

Copy link
Owner

ejcx commented Jan 4, 2019

@dmitshur merged! Found a few bugs when I went through it this morning and fixed them. Changed max pw length to 2048 since 65535 is ridiculous.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment