Attached is a patch that fixes the bug:

- It will bail out with an error message and exit(1) if there's a problem with /dev/urandom and /dev/random
- The modulo bias has been replaced with a fancy cast-as-double, then multiply by 1.0/2**31, then multiply by max_value and cast back as int

configure.in should also be changed to get rid of the drand48 check (didn't want to spam patch).

Note that pwgen is a dependency of some other packages that users might not be aware of, such as 'maas-region-controller' and openerp - perhaps a check of the apparmor policy of those packages is needed to make sure access to /dev/urandom wasn't blocked.

** Patch added: "pwgen-randnum.patch"
   https://bugs.launchpad.net/ubuntu/+source/pwgen/+bug/1183213/+attachment/3687536/+files/pwgen-randnum.patch

Title:
  pwgen falls back to insecure entropy silently
https://bugs.launchpad.net/bugs/1183213
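
The two behaviours the message describes, written out as an added example; this is not the attached patch or pwgen's own code. The names `scale31` and `rand_below`, the error text and the 62-character alphabet size are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Map a 31-bit random value onto [0, max_value) by scaling through a
 * double, as the message describes, instead of taking r % max_value. */
static int scale31(uint32_t r, int max_value)
{
    r &= 0x7fffffffu;                       /* keep 31 bits: r < 2^31 */
    return (int)((double)r * (1.0 / 2147483648.0) * max_value);
}

/* Read 4 bytes from dev and return a number in [0, max_value).
 * Returns -1 on any failure; there is no weaker fallback generator. */
static int rand_below(const char *dev, int max_value)
{
    uint32_t r;
    FILE *f;
    size_t got;

    if (max_value <= 0)
        return -1;
    f = fopen(dev, "rb");
    if (f == NULL)
        return -1;                          /* e.g. blocked by policy */
    got = fread(&r, 1, sizeof r, f);
    fclose(f);
    if (got != sizeof r)
        return -1;                          /* short read counts as failure */
    return scale31(r, max_value);
}

int main(void)
{
    /* 62 = size of a constructed alphabet [A-Za-z0-9] (assumption) */
    int n = rand_below("/dev/urandom", 62);
    if (n < 0)
        n = rand_below("/dev/random", 62);
    if (n < 0) {
        /* Fail loudly rather than generate a weak password. */
        fprintf(stderr, "cannot read /dev/urandom or /dev/random\n");
        exit(1);
    }
    printf("%d\n", n);
    return 0;
}
```

A caller that sees the non-zero exit status knows no password was produced, which is the visible failure the bug title asks for.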