[Chugalug] silly perl one liner to randomize passwords
flushy at flushy.net
Thu Mar 6 02:34:18 UTC 2014
And some FYI why I made some of those decisions.
>> On Wed, Mar 5, 2014 at 7:17 PM, Dan Lyke <danlyke at flutterby.com> wrote:
>> On Wed, 05 Mar 2014 18:46:07 -0500
>> # Reads 4x the argument count as base 64 bytes, substitutes out any
>> # non \w ([A-Za-z_0-9]) chars, returns the count bytes as random.
Condensed code was key. So, piping through base64 saved about 23 chars. I didn't have to use the
Since I'm stripping out newlines and non-alphanums, I wanted to make sure I had enough chars to ensure I could substr to the desired length.
The *4 was arbitrary, base64 strings are ~33% larger than their binary counterparts. So in theory, I could have just read in that length and gotten enough chars. It may be more efficient to just add some bytes to the read. But how much? Base64 is a-zA-Z + . (Plus and period). On true random data, there's only a ~3% chance of getting those periods and plus sign, additionally, if the last output block does not pad exactly to 8bits, it adds two equals as a terminator.
So it was easier to just multiply by 4. For values more than 8, a multiple of two may have been fine.
>> # return is assumed. People doing this in my code will be thrashed.
Leaving out the return saved 7 chars with the space char included.
>> # If the password field  is '$6'
Bug: I should have anchored on the beginning of the line using ^
I thought about doing this as one long nasty regex, but even with my many years of perl experience -- I just wasn't ready to hurt my brain that much. Theoretically, you could craft a regex with the e modifier that will allow you to embed perl code inside the regex, then have a regex branch that would run one regex group or the other depending on a match. All in one nasty looking regex line. I wasn't sure how much space that would save vs my sanity. It failed my quick risk vs reward assessment.
I could have combined this as one call, removed the function and done two substr on the result to get the salt and password. I think the above is still shorter though.
>> print $_;
This implicit print was my favorite thing about this whole exercise!
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Chugalug