Control: tags -1 + patch Hey Marc.
On Wed, 2024-08-21 at 10:34 +0200, Marc Haber wrote: > Sounds good for me. How about the attached patch? Cheers, Chris.
--- a/apg.1 2024-08-23 04:40:14.370964005 +0200 +++ b/apg.1 2024-08-23 05:02:52.903622064 +0200 @@ -80,7 +80,7 @@ for password generation. .RS .B 0 -- pronounceable password generation (default) +- pronounceable password generation (default), see \fBSECURITY CAVEATS\fP below .br .B 1 - random character password generation @@ -106,7 +106,7 @@ .B -M mode Use symbolsets specified with \fBmode\fP for password generation. \fBmode\fP is a text string consisting of characters \fBS\fP, \fBs\fP, \fBN\fP, \fBn\fP, -\fBC\fP, \fBc\fP, \fBL\fP, \fBl\fP. Where: +\fBC\fP, \fBc\fP, \fBL\fP, \fBl\fP (see \fBSECURITY CAVEATS\fP below). Where: .RS .TP .B S @@ -273,6 +273,16 @@ message about it. .SH "FILES" .B None. +.SH "SECURITY CAVEATS" +\fBapg\fP is no longer maintained upstream. Alternatives include \fBpwgen\fP, +\fBdiceware\fP and \fBxkcdpass\fP. +.PP +In particular, pronouncable passwords may be prone to various attacks and +enforcing the use of certain symbolsets (via the \fBS\fP, \fBN\fP, \fBC\fP and +\fBL\fP \fBmodes\fP of the \fB-M\fP option) might even simplify attacking the +password. +.br +See Debian bug #987952. .SH "BUGS" .B None. If you've found one, please send bug description to the author.
