[SOLVED] Selecting special characters

cbtshare · 01-31-2020, 01:58 AM

Hello All,

I have a task to change users password and send the email to them on a VPN box.The issues I am having is that some password created has special characters that linux has issues variablizing

Code:

$newpassword= mkpasswd(-length => 15, -minnum => 4, -minlower => 4, -minupper => 2, -minspecial => 3);

So if the above generates a password like below and stores it in a variable

Code:

122SDfe$%"'\n,

it throws an error system qq {echo -e "$newpassword\n$newpassword" | passwd $username}; So this would be easier below:

Code:

my @alphanumeric = ('A'..'Z', '*', '!' ,':', '>', 0..9);
my $randpassword = join '', map $alphanumeric[rand @alphanumeric], 0..
+13;
print "$randpassword\n"

but how do I get it to always have a special character in the generated password? Thank you

Comment on Selecting PasswordSelec

berndbausch · 01-31-2020, 04:21 AM

I don't know what is an error system qq, but you can't set a password by echoing into standard input of the passwd program. passwd reads from the tty, not standard input (exception: see below).

One way of solving your problem is encrypting your passwd with openssl, then setting the user's password with usermod -p.

I guess the newusers command could also work.

Or, on some distros, use passwd --stdin.

grail · 01-31-2020, 06:55 AM

As above, the how to set the password is something you need to look into further, but as for your special characters, if you simply exclude double quotes you can store what you like in the password
or if you want to get tricky you could simply escape all special characters

boughtonp · 01-31-2020, 09:24 AM

If I had a time machine I'd go find the first person to use this stupid term "special characters" and take appropriate measures to stop them. All characters can be special. :@

Anyway, if certain symbols are causing problems, just don't use them - length matters more - a random 20 character alphanumeric-only string is more secure than a 15 character string that includes symbols.

(Also, any passwords/codes sent over email should be one-time use only, requiring users to specify their own password when they login.)

cbtshare · 01-31-2020, 09:37 AM

Quote:

Originally Posted by berndbausch

I don't know what is an error system qq, but you can't set a password by echoing into standard input of the passwd program. passwd reads from the tty, not standard input (exception: see below).

One way of solving your problem is encrypting your passwd with openssl, then setting the user's password with usermod -p.

I guess the newusers command could also work.

Or, on some distros, use passwd --stdin.

Thanks for your reply, but I have always done this :

Code:

echo -e "Ch@g3me\nCh@g3me" | passwd mock
Changing password for user mock.
New password: BAD PASSWORD: is too simple
Retype new password: passwd: all authentication tokens updated successfully.

But this isn't the issue since I have changed that block for the one below:

Code:

open my $pipe, '|chpasswd' or die "can't open pipe: $!";
print {$pipe} "$username:$newpassword";
close $pipe;

But still issue is that there are certain special characters that wont work well into a variable.

i.e '122SDfe$%"' or '122SDfe$%\' and I am not sure if there are other characters that would do the same so instead of testing every special character, I just want to choose from a few like my script below but I want it to always use a special character

Code:

my @alphanumeric = ('A'..'Z', '*', '!' ,':', '>', 0..9);
my $randpassword = join '', map $alphanumeric[rand @alphanumeric], 0..
+13;
print "$randpassword\n"

cbtshare · 01-31-2020, 10:26 AM

Quote:

Originally Posted by grail

As above, the how to set the password is something you need to look into further, but as for your special characters, if you simply exclude double quotes you can store what you like in the password
or if you want to get tricky you could simply escape all special characters

Nah the directive is that, special characters must always be used. I did also do that using sed

Code:

$newpassword =~ s/"//g;
$newpassword =~ s/'//g;

but then my manager tested and said it seems that other characters may cause an issue

berndbausch · 01-31-2020, 11:36 AM

Today I learned that I has a misconception about the passwd program. It does read from stdin.

Your language doesn't look like shell; Perl perhaps? In any case, putting characters like $ and \ into a double-quoted string in a shell program requires quoting them. Instead, this works:

Code:

$ { echo $p; echo $p 
> }
122SDfe$%\
122SDfe$%\
$ { echo $p; echo $p 
> } | sudo passwd bla
Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully

The ">" is a prompt, by the way.

273 · 01-31-2020, 01:11 PM

Quote:

Originally Posted by boughtonp

If I had a time machine I'd go find the first person to use this stupid term "special characters" and take appropriate measures to stop them. All characters can be special. :@

Anyway, if certain symbols are causing problems, just don't use them - length matters more - a random 20 character alphanumeric-only string is more secure than a 15 character string that includes symbols.

(Also, any passwords/codes sent over email should be one-time use only, requiring users to specify their own password when they login.)

Whilst the security of the password versus the specific characters used is debatable what is not debatable is that any password should be able to use any valid characters. Input validation and flexibility should just be there.

cbtshare · 01-31-2020, 05:09 PM

Quote:

Originally Posted by berndbausch

Today I learned that I has a misconception about the passwd program. It does read from stdin.

Your language doesn't look like shell; Perl perhaps? In any case, putting characters like $ and \ into a double-quoted string in a shell program requires quoting them. Instead, this works:

Code:

$ { echo $p; echo $p 
> }
122SDfe$%\
122SDfe$%\
$ { echo $p; echo $p 
> } | sudo passwd bla
Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully

The ">" is a prompt, by the way.

Yea, its perl. Thanks for your help though, but I need it to work in a script as a variable, so e.g

Code:

 $pass= '@#@1232^?\'

wont work, and this is just an example which would be easy, but if you remember, my script has a password generator, so it'd just be easier to amalgamate some text with characters I want and then get a pssword.

berndbausch · 01-31-2020, 05:37 PM

Sorry, to me Perl is the last frontier, and I have not dared yet penetrating its philosophy. Thus I don't know if and how Perl variables and Perl strings behave differently than shell ones. Surely there are ways to quote special characters? Perhaps your problem comes from your code outputting the same variable twice with a single echo command - how about issuing two echos as I did in the shell snippet?

scasey · 01-31-2020, 07:03 PM

qq is a perl function that double quotes a string. qq {some string} is the same as “some string”

OP, it’s not clear to me exactly what command/line of code is erroring and what error it is throwing.
I usually run system calls in backtics:

Code:

`echo -e "$newpassword\n$newpassword" | passwd $username`

or somtimes something like this

Code:

select STDOUT; $|=1;  # autoflush
open STATUS, "$newpassword\n$newpassword | passwd $username"; $|=1;

which passes the command to the filehandle STATUS after setting that to STDOUT (which it usually is, by default, but I took that snippet from a program that's also writing to a file)

You appear to be double quoting a string containing double quotes, which I wouldn’t expect to work. I suspect that’s the cause of the error.
If you're quoting the entire command, you shouldn't need to do anything about quoting the variable at all.
The contents of the variable shouldn't matter.

cbtshare · 01-31-2020, 11:47 PM

Thank you for still trying to assist. But my issue is not perl related atm. I am just trying to get this bash to work and then I can port it over into perl code if needed

Code:

my @alphanumeric = ('A'..'Z', '*', '!' ,':', '>', 0..9);
my $randpassword = join '', map $alphanumeric[rand @alphanumeric], 0..
+13;
print "$randpassword\n"

When I say work, I mean trying to get the script to always print values with a special character, is that possible?

berndbausch · 02-01-2020, 12:44 AM

Quote:

Originally Posted by cbtshare

Thank you for still trying to assist. But my issue is not perl related atm. I am just trying to get this bash to work and then I can port it over into perl code if needed

Code:

my @alphanumeric = ('A'..'Z', '*', '!' ,':', '>', 0..9);
my $randpassword = join '', map $alphanumeric[rand @alphanumeric], 0..
+13;
print "$randpassword\n"

When I say work, I mean trying to get the script to always print values with a special character, is that possible?

Sorry, but I don't understand this code. Still looks like Perl to me, and I simply don't know this language. If it's Bash, it's syntax I have never seen. What command or function is my? Also, I know of printf, but not print. What are all the at signs?

boughtonp · 02-01-2020, 05:27 AM

Quote:

Originally Posted by 273

... what is not debatable is that any password should be able to use any valid characters. Input validation and flexibility should just be there.

Absolutely - the poorly worded point I was trying to make was that a generated password doesn't need to increase it's character set size from 62 items to 96 items in order to be secure.

It's not uncommon to see generated codes in the format "aaaa-aaaa-aaaa-aaaa" (where each "a" is a randomly selected alphabetical letter or numerical digit) and that is sufficiently secure.

boughtonp · 02-01-2020, 05:57 AM

Quote:

Originally Posted by cbtshare

When I say work, I mean trying to get the script to always print values with a special character, is that possible?

It's possible to write a script that does so, but it's not necessary for three reasons:

1) it isn't necessary to include symbols for a secure password;

2) when including symbols, it's not necessary to force them;

3) there's no point re-inventing the wheel:

Code:

pwgen -cny 15 1