Isn't there a glitch in the password generation algorithm?
mkht opened this issue · comments
There appears to be a problem with the algorithm for password generation using Get-Random
used in several places in the project.
For example, the following code seems to expect to generate a random string of 128 characters, but in fact it generates a string of only 94 characters.
Furthermore, it is not completely random, since the same character can never appear more than once in the string.
# This code generates only 94-digit string and same character never appears more than once
$candidate = (-join ((33..126) | Get-Random -Count 128 | ForEach-Object{[char] $_}))
$candidate.Length # -> 94
If you want to fix this algorithm, I suggest the following code. I will submit a PR for the dev branch if you request it.
# This code generates fully random 128 characters string
-join ((1..128) | ForEach-Object {Get-Random -input ([char[]](33..126))})
I don't fully understand the intent of the code, so if this is the intended behavior rather than a bug, please ignore it.
You are right, I will implement this change in my "dev" branch (I'm currently working on few features already). I will also fix other location where my algorithm generate random strings.
Thank you for your help
EDIT: here is my implementation of your algorithm: 008f0ff