I'd appreciate it if you could have a look at the code I just uploaded
to unstable, and review it for correctness. You can see the diff here:
http://bzr.debian.org/loggerhead/users/cjwatson/makepasswd/trunk/revision/20
I've reviewed the code. The only possible problem I've found is in the li
On Mon, Jan 11, 2010 at 04:23:17PM +0300, Fyodor Menshikov wrote:
> Colin Watson wrote:
>> I'm not sure how calling srand every time would help at all, though.
>> Your point is that there are only 2^32 possible seeds. If we call srand
>> every time, then there are still only 2^32 possible seeds. In
I'm not sure how calling srand every time would help at all, though.
Your point is that there are only 2^32 possible seeds. If we call srand
every time, then there are still only 2^32 possible seeds. In fact,
calling srand every time makes it worse; at least at the moment the
administrator can tel
On Sun, Jan 10, 2010 at 11:19:51AM +0300, Fyodor Menshikov wrote:
> Package: makepasswd
> Version: 1.10-4
> Severity: critical
> Tags: security
> Justification: root security hole
>
> By default makepasswd gets 32-bit random seed from /dev/urandom, initializes
> Perl random numbers generator with
Package: makepasswd
Version: 1.10-4
Severity: critical
Tags: security
Justification: root security hole
By default makepasswd gets 32-bit random seed from /dev/urandom, initializes
Perl random numbers generator with it using srand function and then generates
password length and password chars usin