Password policy: sum of 'at least' constraints" incorrectly includes values...
Popular easy-to-use and secure password manager
Brought to you by:
ronys
Menu
▾
▴
1 Attachments
#1233 Password policy: sum of 'at least' constraints" incorrectly includes values from unticked options
With prerelease v3.35.1, as attached to https://sourceforge.net/p/passwordsafe/bugs/1228/#7750 ...
Create new database (with no entries)
Ctrl-P to generate password
Untick Use Named Policy
Change Use Lowercase to at least 12 (same as password length)
Set Use Symbols to at least 1
Untick Use Symbols (which we just set to 1)
Generate --> incorrectly fails with "password length is less than sum of 'at least' constraints".
A more likely scenario (which is how I actually found the problem):
Create a database with an earlier version (eg 3.34.1)
Change the the default policy by unticking Use Symbols (all other character types are "at least 1")
Save the database (no entries required)
(Sample database is attached, passphrase=1234)
Open with 3.35.1
Ctrl-P to generate password
Untick Use Named Policy
Untick Use Digits (which is still set to "at least 1")
Change Use Lowercase to at least 11
(The request is now for at least 11 lowercase, at least 1 uppercase, "Use digits" is unticked, but still set to "at least 1")
Generate --> fails with "password length is less than sum of 'at least' constraints"
Ie it appears that the "sum of 'at least' constraints" incorrectly includes values from unticked options.
Fixed in commit d06a17c. Will be in next release.