pwgen falls back to insecure entropy silently

Related to http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=672241

Looks like this whole file needs some attention.

Thanks

Attached is a patch that fixes the bug:

- It will bail out with an error message and exit(1) if there's a problem with /dev/urandom and /dev/random
- The modulo bias has been replaced with a fancy cast-as-double, then multiply by 1.0/2**31, then multiply by max_value and cast back as int

configure.in should also be changed to get rid of the drand48 check (didn't want to spam patch)

Note that pwgen is a dependency of some other packages that users might not be aware of, such as 'maas-region-controller' and openerp - perhaps a check of the apparmor policy of those packages is needed to make sure access to /dev/urandom wasn't blocked.

The attachment "pwgen-randnum.patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

Ok, I wasn't happy with the first patch, because some systems might not have FPUs.

I've attached a patch that wastes some entropy, but still gives an unbiased /dev/urandom read.

The quality of this program is fairly low overall, probably not suitable for main. The phonemes mode produces a tiny amount of entropy per-character, and that's the default for some reason. The secure mode is only getting fixed now, and could have subtly been sabotaging users. sha1 mode is just silly.

passwdqc has pwqgen, which is a good random passphrase generator that can generate 26 - 81 bits worth of entropy in easily remembered passwords.

For simple random password (pwgen -s style), I have a 50 line public domain python script that I could package if needed.

This bug was fixed in the package pwgen - 2.07-1ubuntu1

---------------
pwgen (2.07-1ubuntu1) vivid; urgency=medium

  * Resynchronise with Debian (LP: #1183213, #638418, #1349863). Remaining
    changes:
    - Fix pwgen -s so it works after other options.
    - Use correct compiler when cross-building.
    - Mark pwgen Multi-Arch: foreign.

pwgen (2.07-1) unstable; urgency=high

  * New upstream version
  * Remove backwards compatibility for no-tty mode. Addresses
    CVE-2013-4440 (Closes: #725507)
  * Fail hard if /dev/urandom and /dev/random are not available.
    Addresses CVE-2013-4442 and Launchpad #1183213 (Closes: #767008)
  * Fix pwgen -B so that it doesn't accidentally generate passwords with
    ambiguous characters after changing the case of some letters.
    Addresses Launchpad Bugs #638418 and #1349863
  * Fix potential portability bug on architectures where unsgined ints
    are not 4 bytes long
  * Update Debian policy compliance to 3.9.6.0
  * Build with Debian hardening using dpkg-buildflags
 -- Colin Watson <email address hidden> Tue, 11 Nov 2014 13:11:19 +0000