Package: password-gorilla
Severity: wishlist
Tags: patch
The used random seed is not very strong. On linux systems /dev/random
and /dev/urandom are default and could be used for strong random seed.
Applied is the patch:
403,407c403,416
<
< append seed "20041201"
< append seed [clock seconds] [clock clicks] [pid]
< append seed [winfo id .] [winfo geometry .] [winfo pointerxy .]
< set hashseed [pwsafe::int::sha1isz $seed]
---
>
> # check if /dev/urandom is available
> if {[file exists /dev/urandom]} {
> set f [open /dev/urandom]
> fconfigure $f -translation binary
> set hashseed [read $f 20]
> close $f
> } else {
> # unsecure seed function
> append seed "20041201"
> append seed [clock seconds] [clock clicks] [pid]
> append seed [winfo id .] [winfo geometry .] [winfo pointerxy
> .]
> set hashseed [pwsafe::int::sha1isz $seed]
> }
--
Psssst! Schon vom neuen GMX MultiMessenger gehört? Der kann`s mit allen:
http://www.gmx.net/de/go/multimessenger01
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
