Package: libcrypt-passwdmd5-perl
Version: 1.3-4
Severity: minor

Hi, I noticed that when you let Crypt::PasswdMD5 generate its own salt, it only uses 63 values out of 64:

    $itoa64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
    ...
    $salt .= substr($itoa64,int(rand(64)+1),1)
        while length($salt) < 8;

The int(rand(64)+1) returns 1..64, so "." is never used, and one out of 64 times an empty string is appended.
Because of the loop we'll still have 8 bytes, so it's not a big deal (total of 8*log(63)/log(2) = 47.8 bits of randomness instead of 48).

Eric
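
An added example, not part of the original report or of Crypt::PasswdMD5: it walks every integer bucket of rand(64) through the quoted index expression and through int(rand(64)), showing which characters each can reach and the resulting salt entropy. The int(rand(64)) form is an assumed correction (not necessarily what the maintainer applied), and reachable() and gen_salt() are hypothetical helper names.

```perl
#!/usr/bin/perl
use strict;
use warnings;

my $itoa64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

# Feed one value from every unit interval of rand(64)'s range [0, 64)
# through an index expression and tally what substr() hands back.
sub reachable {
    my ($index_of) = @_;
    my %seen;
    my $empty = 0;
    for my $k (0 .. 63) {
        my $r  = $k + 0.5;    # constructed stand-in for one rand(64) result
        my $ch = substr($itoa64, $index_of->($r), 1);
        if (length $ch) { $seen{$ch}++ } else { $empty++ }
    }
    return (\%seen, $empty);
}

my @variants = (
    [ 'int(rand(64)+1)', sub { int($_[0] + 1) } ],    # as quoted in the report
    [ 'int(rand(64))',   sub { int($_[0]) } ],        # assumed fix: index stays in 0..63
);

for my $v (@variants) {
    my ($label, $index_of) = @$v;
    my ($seen, $empty) = reachable($index_of);
    my $n = keys %$seen;    # number of distinct characters reached
    printf "%-16s %2d distinct chars, '.' %s, %d of 64 draws empty, %.1f bits per 8-char salt\n",
        $label, $n, (exists $seen->{'.'} ? 'reachable' : 'never used'),
        $empty, 8 * log($n) / log(2);
}

# Salt generator using the in-range index (hypothetical helper name).
sub gen_salt {
    my $salt = '';
    $salt .= substr($itoa64, int(rand(64)), 1) while length($salt) < 8;
    return $salt;
}

print "sample salt: ", gen_salt(), "\n";
```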