chezmoi init

dot_oh-my-zsh/plugins/genpass/README.md

@@ -0,0 +1,66 @@
+# genpass
+
+This plugin provides three unique password generators for ZSH. Each generator
+has at least a 128-bit security margin and generates passwords from the
+cryptographically secure `/dev/urandom`. Each generator can also take an
+optional numeric argument to generate multiple passwords.
+
+To use it from an interactive ZSH, add `genpass` to the plugins array in your
+zshrc file:
+
+    plugins=(... genpass)
+
+You can also invoke password generators directly (they are implemented as
+standalone executable files), which can be handy when you need to generate
+passwords in a script:
+
+    ~/.oh-my-zsh/plugins/genpass/genpass-apple 3
+
+## genpass-apple
+
+Generates a pronounceable pseudoword passphrase of the "cvccvc" consonant/vowel
+syntax, inspired by [Apple's iCloud Keychain password generator][1]. Each
+password has exactly 1 digit placed at the edge of a "word" and exactly 1
+capital letter to satisfy most password security requirements.
+
+    % genpass-apple
+    gelcyv-foqtam-fotqoh-viMleb-lexduv-6ixfuk
+
+    % genpass-apple 3
+    japvyz-qyjti4-kajrod-nubxaW-hukkan-dijcaf
+    vydpig-fucnul-3ukpog-voggom-zygNad-jepgad
+    zocmez-byznis-hegTaj-jecdyq-qiqmiq-5enwom
+
+[1]: https://developer.apple.com/password-rules/
+
+## genpass-monkey
+
+Generates visually unambiguous random meaningless strings using [Crockford's
+base32][2].
+
+    % genpass-monkey
+    xt7gn976e7jj3fstgpy27330x3
+
+    % genpass-monkey 3
+    n1qqwtzgejwgqve9yzf2gxvx4m
+    r2n3f5s6vbqs2yx7xjnmahqewy
+    296w9y9rts3p5r9yay0raek8e5
+
+[2]: https://www.crockford.com/base32.html
+
+## genpass-xkcd
+
+Generates passphrases from `/usr/share/dict/words` inspired by the [famous (and
+slightly misleading) XKCD comic][3]. Each passphrase is prepended with a digit
+showing the number of words in the passphrase to adhere to password security
+requirements that require digits. Each word is 6 characters or less.
+
+    % genpass-xkcd
+    9-eaten-Slav-rife-aired-hill-cordon-splits-welsh-napes
+
+    % genpass-xkcd 3
+    9-worker-Vlad-horde-shrubs-smite-thwart-paw-alters-prawns
+    9-tutors-stink-rhythm-junk-snappy-hooray-barbs-mewl-clomp
+    9-vital-escape-Angkor-Huff-wet-Mayra-abbés-putts-guzzle
+
+[3]: https://xkcd.com/936/

dot_oh-my-zsh/plugins/genpass/executable_genpass-apple

@@ -0,0 +1,79 @@
+#!/usr/bin/env zsh
+#
+# Usage: genpass-apple [NUM]
+#
+# Generate a password made of 6 pseudowords of 6 characters each
+# with the security margin of at least 128 bits.
+#
+# Example password: xudmec-4ambyj-tavric-mumpub-mydVop-bypjyp
+#
+# If given a numerical argument, generate that many passwords.
+
+emulate -L zsh -o no_unset -o warn_create_global -o warn_nested_var
+
+if [[ ARGC -gt 1 || ${1-1} != ${~:-<1-$((16#7FFFFFFF))>} ]]; then
+  print -ru2 -- "usage: $0 [NUM]"
+  return 1
+fi
+
+zmodload zsh/system zsh/mathfunc || return
+
+{
+  local -r vowels=aeiouy
+  local -r consonants=bcdfghjklmnpqrstvwxz
+  local -r digits=0123456789
+
+  # Sets REPLY to a uniformly distributed random number in [1, $1].
+  # Requires: $1 <= 256.
+  function -$0-rand() {
+    local c
+    while true; do
+      sysread -s1 c || return
+      # Avoid bias towards smaller numbers.
+      (( #c < 256 / $1 * $1 )) && break
+    done
+    typeset -g REPLY=$((#c % $1 + 1))
+  }
+
+  local REPLY chars
+
+  repeat ${1-1}; do
+    # Generate 6 pseudowords of the form cvccvc where c and v
+    # denote random consonants and vowels respectively.
+    local words=()
+    repeat 6; do
+      words+=('')
+      repeat 2; do
+        for chars in $consonants $vowels $consonants; do
+          -$0-rand $#chars || return
+          words[-1]+=$chars[REPLY]
+        done
+      done
+    done
+
+    local pwd=${(j:-:)words}
+
+    # Replace either the first or the last character in one of
+    # the words with a random digit.
+    -$0-rand $#digits || return
+    local digit=$digits[REPLY]
+    -$0-rand $((2 * $#words)) || return
+    pwd[REPLY/2*7+2*(REPLY%2)-1]=$digit
+
+    # Convert one lower-case character to upper case.
+    while true; do
+      -$0-rand $#pwd || return
+      [[ $vowels$consonants == *$pwd[REPLY]* ]] && break
+    done
+    # NOTE: We aren't using ${(U)c} here because its results are
+    # locale-dependent. For example, when upper-casing 'i' in Turkish
+    # locale we would get 'İ', a.k.a. latin capital letter i with dot
+    # above. We could set LC_CTYPE=C locally but then we would run afoul
+    # of this zsh bug: https://www.zsh.org/mla/workers/2020/msg00588.html.
+    local c=$pwd[REPLY]
+    printf -v c '%o' $((#c - 32))
+    printf "%s\\$c%s\\n" "$pwd[1,REPLY-1]" "$pwd[REPLY+1,-1]" || return
+  done
+} always {
+  unfunction -m -- "-${(b)0}-*"
+} </dev/urandom

dot_oh-my-zsh/plugins/genpass/executable_genpass-monkey

@@ -0,0 +1,32 @@
+#!/usr/bin/env zsh
+#
+# Usage: genpass-monkey [NUM]
+#
+# Generate a password made of 26 alphanumeric characters
+# with the security margin of at least 128 bits.
+#
+# Example password: nz5ej2kypkvcw0rn5cvhs6qxtm
+#
+# If given a numerical argument, generate that many passwords.
+
+emulate -L zsh -o no_unset -o warn_create_global -o warn_nested_var
+
+if [[ ARGC -gt 1 || ${1-1} != ${~:-<1-$((16#7FFFFFFF))>} ]]; then
+  print -ru2 -- "usage: $0 [NUM]"
+  return 1
+fi
+
+zmodload zsh/system || return
+
+{
+  local -r chars=abcdefghjkmnpqrstvwxyz0123456789
+  local c
+  repeat ${1-1}; do
+    repeat 26; do
+      sysread -s1 c || return
+      # There is uniform because $#chars divides 256.
+      print -rn -- $chars[#c%$#chars+1]
+    done
+    print
+  done
+} </dev/urandom

dot_oh-my-zsh/plugins/genpass/executable_genpass-xkcd

@@ -0,0 +1,68 @@
+#!/usr/bin/env zsh
+#
+# Usage: genpass-xkcd [NUM]
+#
+# Generate a password made of words from /usr/share/dict/words
+# with the security margin of at least 128 bits.
+#
+# Example password: 9-mien-flood-Patti-buxom-dozes-ickier-pay-ailed-Foster
+#
+# If given a numerical argument, generate that many passwords.
+#
+# The name of this utility is a reference to https://xkcd.com/936/.
+
+emulate -L zsh -o no_unset -o warn_create_global -o warn_nested_var -o extended_glob
+
+if [[ ARGC -gt 1 || ${1-1} != ${~:-<1-$((16#7FFFFFFF))>} ]]; then
+  print -ru2 -- "usage: $0 [NUM]"
+  return 1
+fi
+
+zmodload zsh/system zsh/mathfunc || return
+
+local -r dict=/usr/share/dict/words
+
+if [[ ! -e $dict ]]; then
+  print -ru2 -- "$0: file not found: $dict"
+  return 1
+fi
+
+# Read all dictionary words and leave only those made of 1-6 characters.
+local -a words
+words=(${(M)${(f)"$(<$dict)"}:#[a-zA-Z](#c1,6)}) || return
+
+if (( $#words < 2 )); then
+  print -ru2 -- "$0: not enough suitable words in $dict"
+  return 1
+fi
+
+if (( $#words > 16#7FFFFFFF )); then
+  print -ru2 -- "$0: too many words in $dict"
+  return 1
+fi
+
+# Figure out how many words we need for 128 bits of security margin.
+# Each word adds log2($#words) bits.
+local -i n=$((ceil(128. / (log($#words) / log(2)))))
+
+{
+  local c
+  repeat ${1-1}; do
+    print -rn -- $n
+    repeat $n; do
+      while true; do
+        # Generate a random number in [0, 2**31).
+        local -i rnd=0
+        repeat 4; do
+          sysread -s1 c || return
+          (( rnd = (~(1 << 23) & rnd) << 8 | #c ))
+        done
+        # Avoid bias towards words in the beginning of the list.
+        (( rnd < 16#7FFFFFFF / $#words * $#words )) || continue
+        print -rn -- -$words[rnd%$#words+1]
+        break
+      done
+    done
+    print
+  done
+} </dev/urandom

dot_oh-my-zsh/plugins/genpass/genpass.plugin.zsh

@@ -0,0 +1 @@
+autoload -Uz genpass-apple genpass-monkey genpass-xkcd