Date: Sat, 2 Aug 2014 13:39:16 +0400 From: Solar Designer <solar@...nwall.com> To: passwdqc-users@...ts.openwall.com Subject: Re: pwqgen not functioning as expected On Tue, Jul 29, 2014 at 04:12:43PM -0700, Scott Ruckh wrote: > I would like to use pwqgen to generate a 10 character password that has at > least one upper case letter, at least one lower case letter, at least one > digit, and at least one special character. pwqgen doesn't do that. Currently, it can only generate multi-word "phrases". > I am running pwqgen using the following: > > ./pwqgen config=../../etc/passwdqc.conf > > passwdqc.conf is as follows > ========================================== > min=disabled,disabled,disabled,disabled,10 > max=10 > passphrase=0 > match=3 > similar=deny > random=47 > enforce=everyone > retry=3 Most of these settings, except for random=47, normally apply to pwqcheck and to similar checks in libpasswdqc and pam_passwdqc, not to pwqgen. > It is believed these settings should create a 10 character password > (min/max =10) that must contain all 4 character classes, and no substring > of <= 3 can match a dictionary word. > > Unfortunately, with these settings the following error is returned. > > pwqgen: Failed to generate a passphrase. > This could happen for a number of reasons: you could have requested > an impossible passphrase length, or the access to kernel random number > pool could have failed. > > If max is raised to 20 then a password such as, Canopy2Beware3swap, is > generated. Of course this password does not even contain all character > classes (no special character). Sure. random=47 and max=10 is inconsistent. The rest of the settings do not affect pwqgen. > Is there a way to use pwqgen in such a way that a 10-character password > can be generated using the criteria stated earlier? Currently, no. Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.