Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat, 2 Aug 2014 13:39:16 +0400
From: Solar Designer <solar@...nwall.com>
To: passwdqc-users@...ts.openwall.com
Subject: Re: pwqgen not functioning as expected

On Tue, Jul 29, 2014 at 04:12:43PM -0700, Scott Ruckh wrote:
> I would like to use pwqgen to generate a 10 character password that has at
> least one upper case letter, at least one lower case letter, at least one
> digit, and at least one special character.

pwqgen doesn't do that.
Currently, it can only generate multi-word "phrases".

> I am running pwqgen using the following:
> 
> ./pwqgen config=../../etc/passwdqc.conf
> 
> passwdqc.conf is as follows
> ==========================================
> min=disabled,disabled,disabled,disabled,10
> max=10
> passphrase=0
> match=3
> similar=deny
> random=47
> enforce=everyone
> retry=3

Most of these settings, except for random=47, normally apply to pwqcheck
and to similar checks in libpasswdqc and pam_passwdqc, not to pwqgen.

> It is believed these settings should create a 10 character password
> (min/max =10) that must contain all 4 character classes, and no substring
> of <= 3 can match a dictionary word.
> 
> Unfortunately, with these settings the following error is returned.
> 
> pwqgen: Failed to generate a passphrase.
> This could happen for a number of reasons: you could have requested
> an impossible passphrase length, or the access to kernel random number
> pool could have failed.
> 
> If max is raised to 20 then a password such as, Canopy2Beware3swap, is
> generated.  Of course this password does not even contain all character
> classes (no special character).

Sure.  random=47 and max=10 is inconsistent.  The rest of the settings
do not affect pwqgen.

> Is there a way to use pwqgen in such a way that a 10-character password
> can be generated using the criteria stated earlier?

Currently, no.

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ