severity 666725 normal
thanks
On Sun, Apr 01, 2012 at 12:50:58PM +0200, Thomas Arendsen Hein wrote:
>
> When using "pwgen -s 1 50" to generate 50 one-char passwords,
> only lowercase letters are used.
>
> When using "pwgen -s 2 50" to generate 50 two-char passwords,
> exactly one lowercase letter and one number is used.
>
> Three-char and longer passwords are not affected by this major
> security issue.
Thanks for reporting this, and I agree it's a bug, but if you're using
one or two letter passwords (or heck, anything under 5 characters),
you're totally insecure anyway. Whether someone has to brute force 26
possible passwords versus 62 possible passwords is not a "major
security issue". :-)
- Ted
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
