#!/usr/bin/env zsh # # Usage: genpass-apple [NUM] # # Generate a password made of 6 pseudowords of 6 characters each # with the security margin of at least 128 bits. # # Example password: xudmec-4ambyj-tavric-mumpub-mydVop-bypjyp # # If given a numerical argument, generate that many passwords. emulate -L zsh -o no_unset -o warn_create_global -o warn_nested_var if [[ ARGC -gt 1 || ${1-1} != ${~:-<1-$((16#7FFFFFFF))>} ]]; then print -ru2 -- "usage: $0 [NUM]" return 1 fi zmodload zsh/system zsh/mathfunc || return { local -r vowels=aeiouy local -r consonants=bcdfghjklmnpqrstvwxz local -r digits=0123456789 # Sets REPLY to a uniformly distributed random number in [1, $1]. # Requires: $1 <= 256. function -$0-rand() { local c while true; do sysread -s1 c || return # Avoid bias towards smaller numbers. (( #c < 256 / $1 * $1 )) && break done typeset -g REPLY=$((#c % $1 + 1)) } local REPLY chars repeat ${1-1}; do # Generate 6 pseudowords of the form cvccvc where c and v # denote random consonants and vowels respectively. local words=() repeat 6; do words+=('') repeat 2; do for chars in $consonants $vowels $consonants; do -$0-rand $#chars || return words[-1]+=$chars[REPLY] done done done local pwd=${(j:-:)words} # Replace either the first or the last character in one of # the words with a random digit. -$0-rand $#digits || return local digit=$digits[REPLY] -$0-rand $((2 * $#words)) || return pwd[REPLY/2*7+2*(REPLY%2)-1]=$digit # Convert one lower-case character to upper case. while true; do -$0-rand $#pwd || return [[ $vowels$consonants == *$pwd[REPLY]* ]] && break done # NOTE: We aren't using ${(U)c} here because its results are # locale-dependent. For example, when upper-casing 'i' in Turkish # locale we would get 'İ', a.k.a. latin capital letter i with dot # above. We could set LC_CTYPE=C locally but then we would run afoul # of this zsh bug: https://www.zsh.org/mla/workers/2020/msg00588.html. local c=$pwd[REPLY] printf -v c '%o' $((#c - 32)) printf "%s\\$c%s\\n" "$pwd[1,REPLY-1]" "$pwd[REPLY+1,-1]" || return done } always { unfunction -m -- "-${(b)0}-*" } </dev/urandom