From 24aebc2729baaa231ba2e170bc5750995d5b1d52 Mon Sep 17 00:00:00 2001 From: Dennis Eriksen Date: Fri, 8 Sep 2023 07:45:58 +0200 Subject: Throw away $RANDOM numbers at the right places I got some suspiciously similar passwords and had to take a closer look to make sure we throw away $RANDOM at the right places. $RANDOM - from the zsh documentation: > The values of RANDOM form an intentionally-repeatable pseudo-random sequence; > subshells that reference RANDOM will result in identical pseudo-random values > unless the value of RANDOM is referenced or seeded in the parent shell in > between subshell invocations. I think it's fixed now. --- makepass.zsh | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/makepass.zsh b/makepass.zsh index cc3d404..11e6f69 100755 --- a/makepass.zsh +++ b/makepass.zsh @@ -43,6 +43,14 @@ typeset -ga WORDS # Array of words from WORDLIST typeset -gi COL_WIDTH # Width of columns we will be printing typeset -gi COL_NUM # Number of columns to print +# GOTCHAs: +# +# $RANDOM - from the zsh documentation: +# > The values of RANDOM form an intentionally-repeatable pseudo-random sequence; +# > subshells that reference RANDOM will result in identical pseudo-random values +# > unless the value of RANDOM is referenced or seeded in the parent shell in +# > between subshell invocations. +# So remember to throw away a $RANDOM between subshell invocations! # # Functions @@ -117,15 +125,15 @@ function main() { # Print! # - print_columns "Passwords with special characters" $NUMBER $NORMAL + print_columns "Normal passwords" $NUMBER $NORMAL - print; : $RANDOM # Just to make sure we get a fresh number + print; : $RANDOM # Throw away print_columns "Passwords with special characters" $((NUMBER/3*2+1)) $SPECIAL # Passphrases - but only if a wordlist is available if [[ -r $WORDLIST ]] && ((NUMBER / 2 > 0)); then - print; : $RANDOM + print; : $RANDOM # Throw away print "Passphrases:" # Read wordlist into array WORDS=(${(f)"$(<$WORDLIST)"}) @@ -136,12 +144,13 @@ function main() { # Function to print passwords in neat columns function print_columns() { + : $RANDOM # Throw away local title=$1 local num=$2 local chars=$3 local -i i=0 - local strings=($(repeat $num { randstring $chars; : $RANDOM })) + local strings=($(repeat $num { randstring $chars })) print -- "${title}:" -- cgit v1.2.3