Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

if flags -m and -x are mixed, -m is always used and the generated password is not between -m and -x chars long #13

Closed
opsec opened this issue Apr 16, 2021 · 2 comments
Closed

if flags -m and -x are mixed, -m is always used and the generated password is not between -m and -x chars long #13

opsec opened this issue Apr 16, 2021 · 2 comments
Assignees
@wneessen
Labels
enhancement New feature or request

Comments

@opsec
Copy link

opsec commented Apr 16, 2021

The old c-lang version of apg had options -m and -x (for min and max length of the password)

If one used -m 15 -x 20, the generated password was between 15 and 20 chars long.

The new go version prefers -m before -x, so a -m 4 -x 20 will always produce passwords of length 4.

Can the old behaviour be brought back ?
@wneessen
Copy link
Owner

Thanks for the suggestion, that's definetely a possibility. I'll have a look at it

@wneessen wneessen self-assigned this Apr 16, 2021
@wneessen wneessen added the enhancement New feature or request label Apr 16, 2021
wneessen added a commit that referenced this issue Apr 17, 2021
@wneessen
v0.3.1: New password length behaviour
9277e83 
To address issue #13, the password length behaviour of the
original APG has been reproduced. Previously, when a minLength
of 5 and a maxLength of 10 was given, apg-go se the pwLength to
the preferred maxLength.

With v0.3.1 it will choose a random length between minLength and
maxLength instead, same as the original C-lang apg did. For this
the minLength has been defaulted to a sane value of 12 (instead
of the 8 of the original apg). The default for maxLength stayed
at 20.

Also the default number of generated passwords has been changed
from 1 to 6, to replicate the behaviour of the original apg.
@wneessen wneessen mentioned this issue Apr 17, 2021
Merged
wneessen added a commit that referenced this issue Apr 17, 2021
@wneessen
v0.3.1: New password length behaviour
eaf4a4c 
To address issue #13, the password length behaviour of the
original APG has been reproduced. Previously, when a minLength
of 5 and a maxLength of 10 was given, apg-go se the pwLength to
the preferred maxLength.

With v0.3.1 it will choose a random length between minLength and
maxLength instead, same as the original C-lang apg did. For this
the minLength has been defaulted to a sane value of 12 (instead
of the 8 of the original apg). The default for maxLength stayed
at 20.

Also the default number of generated passwords has been changed
from 1 to 6, to replicate the behaviour of the original apg.
@wneessen
Copy link
Owner

This has been addressed in release v0.3.1

freebsd-git pushed a commit to freebsd/freebsd-ports that referenced this issue Apr 18, 2021
@egypcio
security/apg: update 0.3.0 to 0.3.1
88a2209 
  * fix generating a password while -m and -x were passed together;
    - wneessen/apg-go#13

  * minLength changed from 8 to 12 (just like original APG version);

  * maxLength stays 20.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@wneessen wneessen

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@wneessen @opsec