pwgen falls back to insecure entropy silently
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
pwgen (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
If /dev/urandom and /dev/random can't be opened, pwgen SILENTLY falls back to insecure entropy:
It uses srand48/srandom with predictable predictable entropy:
#ifdef HAVE_DRAND48
#else
#endif
* The timestamp can be guessed with either an expiry date in a password file, or by finding entries before/after in the shell history that alter timestamps (among other means).
* The pid and pgrp are often the same
* The lower 11 bits of the usecs are discarded!!
As a side note, when using a secure entropy source, it has modulo bias.
Related to http:// bugs.debian. org/cgi- bin/bugreport. cgi?bug= 672241
Looks like this whole file needs some attention.
Thanks