Skip Menu |

Preferred bug tracker

Please visit the preferred bug tracker to report your issue.

This queue is for tickets about the Session-Token CPAN distribution.

Report information
The Basics
Id: 78645
Status: resolved
Priority: 0/
Queue: Session-Token
People
Owner: Nobody in particular
Requestors: NEILB [...] cpan.org
Cc:
AdminCc:
Bug Information
Severity: Wishlist
Broken in: 0.82
Fixed in: (no value)

History Show all quoted text
  Sun Jul 29 09:39:16 2012 NEILB [...] cpan.org - Ticket created
Subject: Add arguments for specifying min length and max length
I realise the target for this module is token generation, but many password generation modules let you specify a minimum length and a maximum length, and you'll get something back within the range. You could support both the length and minlength/maxlength, as App::Genpass does.
  Tue Jul 31 23:25:49 2012 FRACTAL [...] cpan.org - Correspondence added
Thank you very much for your suggestion. Note that you can truncate the tokens created by Session::Token but if you do so be careful not to introduce bias. For example, if you choose the length of the token as a uniformly distributed random length between, say, 6 and 10 then the output is biased towards shorter token sizes. Length 6 tokens should appear much less frequently than length 10 tokens because there are so many fewer of them. Tokens always being the same length is in fact partially regarded as a feature. As described in the POD: "This is nice because it makes writing matching regular expressions easier, simplifies storage (you never have to store length), and causes various log files and things to line up neatly on your screen." I'm not opposed to implementing variable length tokens, but it complicates the implementation especially since you should still be able to specify minimum entropy variable length tokens. Minimum entropy is really the primary input to Session::Token, not length. I don't personally have any need of variable length tokens and would prefer not to complicate the implementation. Sorry. Patches considered though. On Sun Jul 29 09:39:16 2012, NEILB wrote: Show quoted text
> I realise the target for this module is token generation, but many > password generation modules > let you specify a minimum length and a maximum length, and you'll get > something back within > the range. > > You could support both the length and minlength/maxlength, as > App::Genpass does.
  Tue Jul 31 23:25:49 2012 The RT System itself - Status changed from 'new' to 'open'
  Wed Aug 01 09:36:15 2012 NEILB [...] cpan.org - Correspondence added
Show quoted text
> I don't personally have any need of variable length tokens and would > prefer not to complicate the implementation. Sorry. Patches considered > though.
Thanks for the very detailed reply. I may put this idea on my coding backburner. I just added your module into my review of password generating modules [1], where it did well, and I'd like to see it do better :-) Neil [1] http://neilb.org/reviews/passwords.html
  Tue Feb 05 20:25:58 2013 FRACTAL [...] cpan.org - Correspondence added
I'm closing this ticket because I prefer the github issue tracker and because of the reasons explained here in the docs: https://metacpan.org/module/Session::Token#VARIABLE-LENGTH-TOKENS As said earlier, I apprectiate your feedback. If you like please re-open a wishlist item on github.
  Tue Feb 05 20:25:59 2013 FRACTAL [...] cpan.org - Status changed from 'open' to 'resolved'