Giter VIP home page Giter VIP logo

apg-go's Issues

Installation documentation should include "go install" instructions

The project has obviously gone to a lot of trouble to ensure packages, executables and docker images are readily available so it's somewhat surprising that this go project doesn't document the use of "go install github.com/wneessen/apg-go/cmd/apg@latest" as a way of slurping down the latest sources and compiling and installing locally.

The big advantage of the "go install" approach is that we don't have to worry about whether the distributions have updated to the latest versions, particularly if you want to test a recent feature.

I do note that the go.mod requires 1.22 which is more recent than a lot of go distributions (Debian, FreeBSD to name just two) so currently "go install" is a bit constrained, but assuming there is no special need to bump go.mod, as time goes by the "go install" method will work on more and more standard distributions.

apg-go v2

The current apg-go has some design flaws that makes it hard to maintain the code base. To address this, we'll start working on v2 of this. It will overhaul the whole programm and will follow a much more approachable concept. Requested enhancements will be added to v2 but will likely not make it to the current version. The code base will be tracked in the v2 branch.

Add a example in README.md

Hey

Nice tool!
I would be nice to have a GIF or usage section with examples in the README ๐Ÿ˜„

๐Ÿ‘‹

Support adding at least minimal amount of numerical/special symbols.

Hello.

Is your feature request related to a problem? Please describe.
Well, I don't see a clear way of requiring at least one numerical or special symbol in passwords. With current flags I can just enable them, but they don't appear in all passwords.

Describe the solution you'd like
Ability to set minimal amount of numerical/special symbols in generated password.

Group password characters in a smart-phone friendly order

As we all know, entering a random string of characters with a smartphone touch screen is tedious and error prone due to the need to toggle keypads to gain access to different character tables.

For example, the four character sequence "dO#G" requires the follow 10 keystrokes on iOS.

<shift> d <shift> O <123> <#+=> # <ABC> <shift> G

(Where <keypad> identifies a keypad selection).

This makes entering a reasonable secure random password an excruciating process.

One solution is to group the string in keypad order, e.g, all the lower case letters first, then the upper case letters, then the unshifted specials and finally the shifted specials and thus significantly reducing the times a <shift> keystroke is needed as well as the number of keyboard context switches for your brain.

For example, the sequence "Fj#Wr@eLxP9z]9eL" might be regrouped as "FWLPjwrexze99@]#".

There are probably other ordering sequences which simplify smartphone typing, such as those who type with two thumbs in which case the characters might be alternately selected from the left-hand side then the right-hand side.

Hopefully the benefits are pretty obvious, however there are a number of arguments against the idea:

  1. Obviously any predictable ordering reduces keyspace size for a given length, though the grouping order can still be randomized somewhat as well as the size of the group to increase keyspace size a bit. But when enabled, such a feature should probably recommend increasing key length. Having said that, PINs and the other constrained keyspace sets are vastly smaller per character, so it's not entirely doom and gloom on the security front.

  2. Different operating systems have different keypads, so it might need to be optioned for Android, iOS, etc. which could change their keypad in a future release. It might get a bit unwieldy if selection has to be made by platform/os/language/version.

  3. Some apps on some platforms can select or use custom keypads which might thwart the benefit of grouping in some cases.

  4. One could argue that you should just use a password manager which potentially lets you cut and paste. But some of us don't trust password managers (which is why we use standalone password managers like apg!) and too many websites think it improves security to disallow cut/paste for their password fields.

So this is not necessarily a compelling feature, but it might be useful enough to some.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.