Made a patch and revised ebuild to return behaviour of pwgen -s to that of previous version. Prevents loss of non alpha-numeric characters in random selection of --secure type strings.
Created attachment 17713 [details, diff] pwgen-2.03-addl_pw_chars.patch
Created attachment 17714 [details] pwgen-2.03-r1.ebuild
Created attachment 17715 [details] pwgen_ebuild.diff Differences in 2.03 and -r1 ebuilds.
thanks Gontran
Hmm, IMHO it's not ok to apply that patch by default, as there's a reason not to have these non alnum-chars in the list (users given such a non-alnum password tend to be very unhappy with it). Maybe we should add a local USE-flag, like "pwgen-specialchars".
An even better solution would be to contact the pwgen developer and ask him for another command line switch to explicitly include/exclude non-alnum characters.
OK. The patch returns behaviour that was available in a previous version of the software. Further, this mini-patch enhances a quality piece of software. The additionale characters are only used when pwgen is invoked with the --secure or -s option (did you read the original notice and try the program before you decided to have an opinion? :) So in conclusion, there is nothing wrong with the patch, we don't need another use flag, pwgen is no less user friendly, and we most certainly should NOT contact the author T Ts'o about this issue: he has better things to do. Cheers!
Bla. Compared to the passwords spit out when *not* using the --secure option, the password generated *with* the --secure option (dist behaviour) *are* more secure, as they are *completely* random (have *you* ever compared the outputs?). And have you thought about *why* it has changed in the distribution? I guess there's a reason tytso changed it.
I think I see your point now, I don't care for it. Maybe we could have a long discussion about it on -dev. I like the extra characters for improving strength versus brute force attacks.
This appears to have been resolved a long time ago.
