Feature: Support restrictive password policies via uniform sampling of regular languages

[eternaleye]

One limiting factor for password managers that generate (rather than storing) passwords is that many sites have restrictive password policies. However, most password policies can be described as regular languages (possibly in a composable/modular manner, as they are closed under intersection). Because regular languages can be sampled from uniformly, this may offer a clean way to support sites with restrictive password policies without sacrificing security.

In the paper Uniform Sampling for Networks of Automata, Section 2.1 "Cardinalities and fixed length uniform sampling" sketches a simple algorithm for doing this for arbitrary fixed output length (which would match the current behavior, of always emitting 40-character rwd values). However, another approach would be to include the "preferred" output length for each site as part of the policy language, and use the algorithm described in section 2.2 "Generating functions and Boltzmann sampling". Both of these do presume the regular language has been transformed to a DFA.