libpasswdqc generates smutty passwords frequently
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
passwdqc (Ubuntu) |
Triaged
|
Low
|
Unassigned |
Bug Description
The "random" password generator used by passwd (I think this is libpasswdqc), generates smutty passwords with such frequency that I'm concerned about its randomness, has someone put an Easter egg in PAM?
Steps to recreate:
Either use passwd to set a new password, or more simply run pwqgen a bunch of times. The results are too frequently sexual references, often directly referring to the female anatomy. I ran the command ONCE while writing this and got:
alandaws@
Probe!
This is at best inappropriate, at worst it's generating weaker passwords then people might expect.
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: libpasswdqc0 1.3.0-1
ProcVersionSign
Uname: Linux 3.13.0-39-generic x86_64
NonfreeKernelMo
ApportVersion: 2.14.1-0ubuntu3.5
Architecture: amd64
CurrentDesktop: Unity
Date: Mon Jan 5 10:26:33 2015
Dependencies:
gcc-4.9-base 4.9.1-0ubuntu1
libc6 2.19-0ubuntu6.4
libgcc1 1:4.9.1-0ubuntu1
multiarch-support 2.19-0ubuntu6.4
InstallationDate: Installed on 2014-10-02 (94 days ago)
InstallationMedia: Ubuntu 14.04.1 LTS "Trusty Tahr" - Release amd64 (20140722.2)
SourcePackage: passwdqc
UpgradeStatus: No upgrade log present (probably fresh install)
Changed in passwdqc (Ubuntu): | |
importance: | Medium → Low |
Status changed to 'Confirmed' because the bug affects multiple users.