Does not generate random passwords
Bug #237251 reported by
Ingo Ruhnke
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| makepasswd (Ubuntu) |
Fix Released
|
Undecided
|
Colin Watson | ||
Bug Description
Binary package hint: makepasswd
makepasswd doesn't use /dev/random to generate the password as the description claims, but only uses /dev/random to generate a 32bit seed for the insecure srand/rand functions. This limits it to a pool of just 2**32 possible passwords which is much less the it should be able to produce given the default length of 6-8 characters (which also sounds rather short) out of a collection of 58.
CVE References
Revision history for this message
| Ingo Ruhnke (grumbel) wrote | #1 |
Revision history for this message
| Henrik Holst (millihenrik) wrote | #2 |
Revision history for this message
| Henrik Holst (millihenrik) wrote | #3 |
| Changed in makepasswd: | |
| status: | New → Confirmed |
Revision history for this message
| Colin Watson (cjwatson) wrote | #4 |
| Changed in makepasswd (Ubuntu): | |
| assignee: | nobody → Colin Watson (cjwatson) |
| status: | Confirmed → Fix Released |
To post a comment you must log in.
Ubuntu 8.04
makepasswd: 1.10-3