[Chugalug] silly perl one liner to randomize passwords

Billy flushy at flushy.net
Thu Mar 6 02:34:18 UTC 2014


And some FYI why I made some of those decisions.

>> On Wed, Mar 5, 2014 at 7:17 PM, Dan Lyke <danlyke at flutterby.com> wrote:
>> On Wed, 05 Mar 2014 18:46:07 -0500
>> # Reads 4x the argument count as base 64 bytes, substitutes out any
>> # non \w ([A-Za-z_0-9]) chars, returns the count bytes as random.

Condensed code was key. So, piping through base64 saved about 23 chars. I didn't have to use the -MMIME::Base64 module arg.

Since I'm stripping out newlines and non-alphanums, I wanted to make sure I had enough chars to ensure I could substr to the desired length.

The *4 was arbitrary; base64 strings are ~33% larger than their binary counterparts. So in theory, I could have just read in that length and gotten enough chars. It may be more efficient to just add some bytes to the read. But how much? Base64 is a-zA-Z + . (Plus and period). On true random data, there's only a ~3% chance of getting those periods and plus signs. Additionally, if the last output block does not pad exactly to 8 bits, it adds two equals as a terminator.

So it was easier to just multiply by 4. For values more than 8, a multiple of two may have been fine.

>>    # return is assumed. People doing this in my code will be thrashed.

Leaving out the return saved 7 chars with the space char included.

>>   @P=split/:/;
>>   # If the password field [1] is '$6'
>>   if($P[1]=~/\$6/)

Bug: I should have anchored on the beginning of the line using ^

I thought about doing this as one long nasty regex, but even with my many years of perl experience -- I just wasn't ready to hurt my brain that much. Theoretically, you could craft a regex with the e modifier that will allow you to embed perl code inside the regex, then have a regex branch that would run one regex group or the other depending on a match. All in one nasty looking regex line. I wasn't sure how much space that would save vs my sanity. It failed my quick risk vs reward assessment.

>>      $s=&r(8);
>>      $p=&r(16);

I could have combined this as one call, removed the function and done two substr on the result to get the salt and password. I think the above is still shorter though.

>>   print $_;

This implicit print was my favorite thing about this whole exercise!

--b
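
An uncondensed sketch of the two points above (oversampling the random read, and anchoring the $6 check), added here as an example; it is not the one-liner from the thread. The helper names, /dev/urandom as the source and the shadow-style sample lines are assumptions, and the hashes are constructed placeholders. It shows the unanchored pattern also hitting a different hash scheme and a locked account.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use MIME::Base64 qw(encode_base64);

# Hypothetical helper: return $n random alphanumeric characters.
# Assumption: /dev/urandom is the random source.
sub rand_alnum {
    my ($n) = @_;
    open(my $fh, '<:raw', '/dev/urandom') or die "open /dev/urandom: $!";
    my $out = '';
    # Loop until enough characters survive the filter, so the result
    # never depends on the oversampling factor being large enough.
    while (length($out) < $n) {
        my $buf;
        my $got = read($fh, $buf, $n * 4);
        die "read /dev/urandom failed" unless $got;
        my $b64 = encode_base64($buf, '');   # '' = no line breaks
        $b64 =~ tr/A-Za-z0-9//cd;            # delete '+', '/' and '=' padding
        $out .= $b64;
    }
    close($fh);
    return substr($out, 0, $n);
}

# Hypothetical helper: true only when the field starts with the $6$ prefix.
sub is_sha512_field {
    my ($field) = @_;
    return $field =~ m{^\$6\$} ? 1 : 0;
}

# Constructed shadow-style lines; the hashes are fake placeholders.
my @lines = (
    'alice:$6$oldsalt$FAKEHASH:16000:0:99999:7:::',
    'bob:$1$oldsalt$6FAKEMD5:16000:0:99999:7:::',    # other scheme, hash starts with 6
    'carol:!$6$oldsalt$FAKEHASH:16000:0:99999:7:::', # locked account
    'daemon:*:16000:0:99999:7:::',
);

for my $line (@lines) {
    my @f = split /:/, $line, -1;                 # -1 keeps trailing empty fields
    my $loose = $f[1] =~ m{\$6} ? 'yes' : 'no';   # the check as posted
    my $tight = is_sha512_field($f[1]) ? 'yes' : 'no';
    printf "%-7s unanchored=%-3s anchored=%-3s", $f[0], $loose, $tight;
    # Only anchored matches get a fresh 8-char salt and 16-char password.
    printf "  salt=%s pw_len=%d", rand_alnum(8), length(rand_alnum(16)) if $tight eq 'yes';
    print "\n";
}
```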
