[Toybox] [New Toy] pwgen
Rob Landley
rob at landley.net
Mon Dec 7 23:50:11 PST 2020
On 12/8/20 12:40 AM, enh wrote:
>
>
> On Mon, Dec 7, 2020 at 9:07 PM Rob Landley <rob at landley.net
> <mailto:rob at landley.net>> wrote:
>
> On 12/7/20 10:52 PM, Rob Landley wrote:
> > Hmmm, this is producing a LOT more capital letters than the other version,
> which
> > also falls under "human readable affordance". let's see... Top bit of entropy
> > per byte isn't really used, so I'll squelch capitals when it's set. (That
> should
> > make 1/4 of letters capital.)
> ...
> > That's still a very different character distribution. He's squelching more
> > capitals than I am, and at least half the punctuation...
>
> Forgot to mention I used the same high bit squelch trick to suppress half the
> punctuation. The result still has more punctuation on average yet isn't
> guaranteed to have punctuation in EACH generated password, but...
>
> > Which is... eh? Close enough?
>
> Checked in the cleanup, and promoted it to toys/other.
>
> I note that -s isn't hooked up to anything. Maybe I should make it disable the
> two squelches? Yeah, I'll do that...
>
>
> i think that the toybox implementation is effectively "always -s" because it's
> just using random characters, and not doing the "pronounceable" bit. try reading
> out your own example:
A) first I've heard of it (I didn't use this command before and was just
cleaning up the submission based on what it was already doing),
B) pronounceable?
wa quote zo nine ea?
tu capital-n g right square bracket seven e?
eja left parentheses X 5 ee?
> $ pwgen -y
> Eegae:B9 pee3Boh{ Hie~j3Lu aew)a3Jo zae'Cho5 quah!Ph5 EJa(X5Ee zui7Aez)
> Too2Ed)o kap.ae4L ahj$i8Se Aile-ch4 nah+w3Ea wa"Zo9ea Shu4dae+ tuNg]u7e
> giY!oc9o duG5eiz- sahc7eS* ooPi at z0e eX7nei_d iV/ae1se eiQu4om^ Ni>pig1o
>
> and then try to read the toybox ones out instead:
>
> $ toybox pwgen -y
> p:Q1$h=C h6W`ieZ< Q`o!b|+) 1apBp}nT er at 7mKgi waAqC[7i v<y\:jzt [#o=Nw7w
> tx1^1Uo[ o`B]y84{ wjdsl>%n R=<h[*0" #m*+(z!( qbZf,3h) fs&oc1C0 `?#-sstC
> r`mR{ht{ i%g'FA$> ofy=#t}7 rCRWEmlq 7A;/`|}= rvqv|swe wT\z-(sw ,Cr*y6c.
>
> i suspect the real thing is meant to be something more
> like https://nvlpubs.nist.gov/nistpubs/Legacy/FIPS/fipspub181.pdf ?
>
> the interesting bit seems to be:
>
> /*
> * Generate next unit to password, making sure that it follows
> * these rules:
> * 1. Each syllable must contain exactly 1 or 2 consecutive
> * vowels, where y is considered a vowel.
> * 2. Syllable end is determined as follows:
> * a. Vowel is generated and previous unit is a
> * consonant and syllable already has a vowel. In
> * this case, new syllable is started and already
> * contains a vowel.
> * b. A pair determined to be a "break' pair is encountered.
> * In this case new syllable is started with second unit
> * of this pair.
> * c. End of password is encountered.
> * d. "begin" pair is encountered legally. New syllable is
> * started with this pair.
> * e. "end" pair is legally encountered. New syllable has
> * nothing yet.
> * 3. Try generating another unit if:
> * a. third consecutive vowel and not y.
> * b. "break" pair generated but no vowel yet in current
> * or previous 2 units are "not_end .
> * c. "begin" pair generated but no vowel in syllable
> * preceding begin pair, or both previous 2 pairs are
> * designated "not_end".
> * d. "end" pair generated but no vowel in current syllable
> * or in "end" pair.
> * e. "not_begin" pair generated but new syllable must
> * begin (because previous syllable ended as defined in
> * 2 above).
> * f. vowel is generated and 2a is satisfied, but no syllable
> * break is possible in previous 3 pairs.
> * g. Second and third units of syllable must begin, and
> * first unit is "altemate_vowel".
> */
[Reads the above three times. Remains unenlightened.]
Given that I've been failing to learn japanese for almost 5 years including 20
minutes on it earlier today, if I _should_ do something like this I'd probably
just program in the hiragana syllabary and have it pick from there instead of
letters, then output romanji. :)
The resulting loss of entropy in 8 chars is still a thing though. And where to
throw in the random capitalizations... (I'd say a capital number is something
from the punctuation list except the puncuation list is over twice as long...)
In any case, it's a complete rewrite of the password generation logic, although
that's now a drop-in replacement for a tiny code block. If you think it's worth
doing, I can do it...
Rob
More information about the Toybox
mailing list