# HG changeset patch # User Franz Glasner # Date 1739008322 -3600 # Node ID 42f7ecd70ec1aaf798ea492c1f9d5707d2ce3098 # Parent 86417af99561cede396dc1119bebfb88adf98e41 genpwd: Renamed algorithms and changed restricted the WEB character repertoire to not use delims and sub-delims from URLs and URIs diff -r 86417af99561 -r 42f7ecd70ec1 cutils/genpwd.py --- a/cutils/genpwd.py Sat Feb 08 10:39:49 2025 +0100 +++ b/cutils/genpwd.py Sat Feb 08 10:52:02 2025 +0100 @@ -27,11 +27,15 @@ from . import (__version__, __revision__) +# +# Unreserved characters according to RFC 1738 (URL) **and** RFC 3986 (URI) +# No general delimiters and no sub-delimiters. +# WEB_CHARS = (b"ABCDEFGHIJKLMNOPQRSTUVWYXZabcdefghijklmnopqrstuvwxyz" - b"0123456789.,-_;!()[]{}*") -WEB_SAFE_CHARS = (b"ABCDEFGHJKLMNPQRSTUVWYXZabcdefghijkmnopqrstuvwxyz" - b"23456789.,-_;!") -WEB_SAFE2_CHARS = b".,-_;!" + WEB_SAFE_CHARS # prefer punctionation chars + b"0123456789-._") +SAFE_WEB_CHARS = (b"ABCDEFGHJKLMNPQRSTUVWYXZabcdefghijkmnopqrstuvwxyz" + b"23456789-._") +SAFE_WEB_CHARS_2 = b".-_" + SAFE_WEB_CHARS # prefer punctionation chars # Most visible characters but no space FULL_ASCII = (b"0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ" b"abcdefghijklmnopqrstuvwxyz!#$%&/()*+-.,:;<=>?@^_`[\\]{|}'\"~") @@ -66,11 +70,11 @@ " that is to be read from random sources instead of output bytes") aparser.add_argument( "--repertoire", "--type", "-t", - choices=("web", "web-safe", "web-safe2", "ascii", "safe-ascii", + choices=("web", "safe-web", "safe-web-2", "ascii", "safe-ascii", "alnum", "safe-alnum", "bin-base64", "bin-urlsafe-base64", "bin-base32", "bin-ascii85", "bin-hex", ), - default="web-safe2", + default="safe-web-2", help=""" Select from a character repertoire. All repertoires that start with "bin-" just encode the output of @@ -85,10 +89,10 @@ if opts.repertoire == "web": pwd = gen_from_repertoire(opts.req_length, WEB_CHARS) - elif opts.repertoire == "web-safe": - pwd = gen_from_repertoire(opts.req_length, WEB_SAFE_CHARS) - elif opts.repertoire == "web-safe2": - pwd = gen_from_repertoire(opts.req_length, WEB_SAFE2_CHARS) + elif opts.repertoire == "safe-web": + pwd = gen_from_repertoire(opts.req_length, SAFE_WEB_CHARS) + elif opts.repertoire == "safe-web-2": + pwd = gen_from_repertoire(opts.req_length, SAFE_WEB_CHARS_2) elif opts.repertoire == "ascii": pwd = gen_from_repertoire(opts.req_length, FULL_ASCII) elif opts.repertoire == "safe-ascii":