soslan / passgen Goto Github PK

When supplying limit_punctuation to password generation, is is not guaranteed that the punctuation will be included in the resulting password. This could be classified as a feature or a bug not sure which a user may consider.

For now, if you want to assure a password contains the special characters from a limited list, you can use this small function. I will likely make an updated patch that does just this shortly.

def random_password(length, type='strong'):
    limit_punctuation="!@#$"
    while True:
        password = passgen(length=length, punctuation=True, limit_punctuation=limit_punctuation)
        print(password)
        if any(char in limit_punctuation for char in password):
            break
    return password

I'm a little lazzy, and not a native on english, so typing --upper and --lower is annoying and a bit difficult, how about -c for small case and -C for upper cases?

passgen.py:168: DeprecationWarning: The random parameter to shuffle() has been deprecated since Python 3.9 and will be removed in a subsequent version.

uh yeah, using a pseudorandom number generator (PRNG) for secrets (passwords) is not acceptable, if your going to keep this published on pypi, I must strongly encourage the heedence of the documented prng module https://docs.python.org/2/library/random.html

In that random.SystemRandom or os.urandom be used to choose the random value.

Warning

The pseudo-random generators of this module should not be used for security purposes. Use os.urandom() or SystemRandom if you require a cryptographically secure pseudo-random number generator.

The premise of PRNG is that the results are seeded and entirely reproducible, a trivial replay attack can produce the passwords generated here.