[SOLVED] Specifying ranges with Bash using regex

Ser Olmy · 07-31-2013, 10:45 PM

Password recommendations deserve a thread of their own, but the consensus the last 10 or so years has been that an 8 character password is reasonably safe if you don't use a dictionary word and mix characters from three of these four groups:

lower case letters
upper case letters
numbers
special characters (punctuation etc)

This was not really a good recommendation, and lead to people using rubbish passwords (typically years appended to events that happened that year, or dictionary words with common letter-number substitutions) that they still kept forgetting but automated scripts had a field day with.

Personally, I would recommend raising the minimum length to something like 15 or 20 characters, and teach users how to generate strong passwords that are also easy to remember. And make sure they understand the risks associated with password reuse as well.

PTrenholme · 07-31-2013, 10:45 PM

Quote:

Originally Posted by Lucien Lachance

No, I have the user enter a password size they would like to generate. This number can range from 8-64. However, if this exceeds these bounds continue to ask the user again and then ask for the size of password again. $1 in my helper function represents the input of the size they would like to generate. I print the password by saying:

Code:

printf "%s\n "${my_password[*]:0:length}"

Does that make sense?

So the input is a number that should be between 8 and 64, inclusive. Why not

Code:

if [ $((length > 7))) && $((length < 65)) ]
then
  printf "%s\n "${my_password[*]:0:length}"
  return 0
else
  echo "Your password length must be between 8 and 64, inclusive. Please try again." > 2
  return 1
fi

konsolebox · 08-01-2013, 12:24 AM

Using regex would give more internal processing which is slower and is difficult to reconfigure whereas using simpler conditional arithmetic expressions would be more flexible e.g.

Code:

is_valid() {
    [[ $1 -ge 8 && $1 -le 64 ]]
}
# or
is_valid() {
    (( $1 >= 8 && $1 <= 64 ))
}

Or

Code:

MIN_PASSWORD_LENGTH=8   ## can be placed inside the function instead
MAX_PASSWORD_LENGTH=64  ##
is_valid() {
    [[ $1 -ge MIN_PASSWORD_LENGTH && $1 -le MAX_PASSWORD_LENGTH ]]
}

And as for checking password strings directly this could be one form:

Code:

is_password_valid() {
    PASSWORD_LENGTH=${#1} MIN_PASSWORD_LENGTH=8 MAX_PASSWORD_LENGTH=64
    [[ PASSWORD_LENGTH -ge MIN_PASSWORD_LENGTH && PASSWORD_LENGTH -le MAX_PASSWORD_LENGTH ]]
}

You could even add other checks like:

Code:

shopt -s extglob

is_password_valid() {
    PASSWORD=$1 PASSWORD_LENGTH=${#1} MIN_PASSWORD_LENGTH=8 MAX_PASSWORD_LENGTH=64
    [[ (PASSWORD_LENGTH -ge MIN_PASSWORD_LENGTH && PASSWORD_LENGTH -le MAX_PASSWORD_LENGTH) && $PASSWORD == *+([[:alpha:]])* && $PASSWORD == *+([[:digit:]])* && $PASSWORD != +([^[:print:]]) ]] ## Password should contain letters and numbers, and could only have printable characters.
}

Lucien Lachance · 08-01-2013, 01:22 AM

Appreciate the answer konsolebox, I was having some difficulty testing certain values with regex. I tried doing

Code:

if [[ $length =~ ^[8-9]|1[0-5]$

When I entered the value 90 or 99, the password would print and have a length of 90 characters (when it should catch that error), I didn't run into any of complications with the conditional logic. Is there any reason why you wrote the conditional logic with &&. I know it's a matter of preference, I'm just always used to writing || and wanted to know your answer. Also, could you explain the bash internals and why regex would negatively influence the internals?

Firerat · 08-01-2013, 01:28 AM

^([8-9]|1[0-5])$

note the ()

Firerat · 08-01-2013, 01:37 AM

Quote:

Originally Posted by Lucien Lachance

Is there any reason why you wrote the conditional logic with &&. I know it's a matter of preference, I'm just always used to writing || and wanted to know your answer. Also, could you explain the bash internals and why regex would negatively influence the internals?

the reason for [[ $1 -ge 8 && $1 -le 64 ]]

is when $1 is greater than or equal to 8 AND less than or equal to 64, it returns TRUE (0)

which is handy if you want to know if your password 'fits'
if you do it the other way round (( <= 8 || >= 64 )) , you get FALSE (1) when your password is good, and TRUE when not.. which makes no sense

konsolebox · 08-01-2013, 07:29 AM

Quote:

Originally Posted by Lucien Lachance

Is there any reason why you wrote the conditional logic with &&. I know it's a matter of preference

Not exactly just about preference. With ||, you would need to negate and use the opposite form:

Code:

[[ ! ($1 -lt 8 || $1 -gt 64) ]]

If an input is invalid or if another condition or error makes the
($1 -lt 8 || $1 -gt 64) invalid like if $1 is not an integer, would make the condition valid which is not something that you would expect whereas in [[ $1 -ge 8 && $1 -le 64 ]] anything that would make the condition valid is only what you would really just expect.

And you can't do [[ $1 -ge 8 || $1 -le 64 ]] since apparently that would make any integer number valid.

Quote:

Also, could you explain the bash internals and why regex would negatively influence the internals?

I don't really know how Bash implements it but just imagine it. Commonly with regex a sequence of logic implementers are generated out of the regex string and is used to parse the input or the other operand string, which is clearly a heavy task compared to just evaluating the value of the two integral operands and use a numerical comparison with it. If you know assembly and basic numerical instructions compared to string manipulation mechanisms you would understand what I mean.

Lucien Lachance · 08-01-2013, 08:24 AM

I understand, thanks for the feedback guys. I now have a better understanding of this problem and learned quite a bit from both of your answers.