Diffstat (limited to '')
-rw-r--r-- | agent/call-pinentry.c | 22 |
1 files changed, 12 insertions, 10 deletions
diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c
index 5fcf98b..cbb6bae 100644
--- a/agent/call-pinentry.c
+++ b/agent/call-pinentry.c
@@ -57,7 +57,9 @@
 * passphrase will be rendered as zbase32 which results for 150 bits
 * in a string of 30 characters. That fits nicely into the 5
 * character blocking which pinentry can do. 128 bits would actually
- * be sufficient but can't be formatted nicely. */
+ * be sufficient but can't be formatted nicely. Please do not change
+ * this value because pattern check files may let such passwords
+ * always pass. */
 #define DEFAULT_GENPIN_BITS 150
 /* The assuan context of the current pinentry. */
@@ -551,6 +553,7 @@ start_pinentry (ctrl_t ctrl)
 "passphrase visible on the screen?") },
 { "tt-visi",N_("|pinentry-tt|Make passphrase visible") },
 { "tt-hide",N_("|pinentry-tt|Hide passphrase") },
+ { "capshint", N_("Caps Lock is on") },
 { NULL, NULL}
 };
 char *optstr;
@@ -834,21 +837,20 @@ estimate_passphrase_quality (const char *pw)
 /* Generate a random passphrase in zBase32 encoding (RFC-6189) to be
- * used by Pinentry to suggest a passphrase. */
+ * used by Pinentry to suggest a passphrase. Note that we have the
+ * same algorithm in gpg.c for --gen-random at level 30. It is
+ * important that we always output exactly 30 characters to match the
+ * special exception we have in the pattern file for symmetric
+ * encryption. */
 static char *
 generate_pin (void)
 {
- unsigned int nbits = opt.min_passphrase_len * 8;
- size_t nbytes;
+ unsigned int nbits = DEFAULT_GENPIN_BITS;
+ size_t nbytes = nbytes = (nbits + 7) / 8;
 void *rand;
 char *generated;
- if (nbits < 128)
- nbits = DEFAULT_GENPIN_BITS;
-
- nbytes = (nbits + 7) / 8;
-
- rand = gcry_random_bytes_secure (nbytes, GCRY_STRONG_RANDOM);
+ rand = gcry_random_bytes_secure (nbytes, GCRY_STRONG_RANDOM);
 if (!rand)
 {
 log_error ("failed to generate random pin\n"); |
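Review bot: The sentence added above `DEFAULT_GENPIN_BITS` leaves "such passwords" without a clear antecedent, so a reader cannot tell which property the pattern check files depend on. Going by the comment added in the generate_pin hunk, it appears to be the 30-character zbase32 form, and saying so here would make the constraint checkable, for example `Do not change this value: pattern check files may always accept the resulting 30 character zbase32 strings.` Naming where that exception is defined would also help; its location is not visible in this diff.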
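Review bot: In generate_pin, `size_t nbytes = nbytes = (nbits + 7) / 8;` assigns to `nbytes` inside its own initializer, which looks like an editing slip and can draw compiler diagnostics; `size_t nbytes = (nbits + 7) / 8;` expresses the same value. With `nbits` now fixed, the "exactly 30 characters" guarantee that the new comment relies on rests only on `DEFAULT_GENPIN_BITS` being 150, so a compile-time check beside the define that `DEFAULT_GENPIN_BITS / 5 == 30` with no remainder would keep the pattern-file exception from drifting unnoticed. The hunk also stops consulting `opt.min_passphrase_len`, so if a configured minimum above 30 characters is enforced elsewhere, the suggested passphrase would presumably be rejected; that path is not visible here and is worth confirming. The body of generate_pin continues past the end of the hunk.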