Ok, I wasn't happy with the first patch, because some systems might not
have FPUs.

I've attached a patch that wastes some entropy, but still gives an
unbiased /dev/urandom read.

The quality of this program is fairly low overall, probably not suitable
for main.  The phonemes mode produces a tiny amount of entropy per-
character, and that's the default for some reason.  The secure mode is
only getting fixed now, and could have subtly been sabotaging users.
sha1 mode is just silly.

passwdqc has pwqgen, which is a good random passphrase generator that
can generate 26 - 81 bits worth of entropy in easily remembered
passwords.

For simple random passwords (pwgen -s style), I have a 50-line public
domain Python script that I could package if needed.

** Patch added: "A better patch"
   
https://bugs.launchpad.net/ubuntu/+source/pwgen/+bug/1183213/+attachment/3688288/+files/randnum_c_v2.patch

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1183213

Title:
  pwgen falls back to insecure entropy silently


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
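
The comment above describes an integer-only /dev/urandom read that discards some random bytes to stay unbiased; rejection sampling is one way to do that, and it also fails closed instead of silently falling back to a weaker source. This is an added example, not the attached patch or pwgen's code; the function names and the 62-character alphabet are assumptions for illustration.

```c
#include <stdio.h>
#include <stddef.h>

/* Byte source: returns 0..255, or -1 when no random byte is available. */
typedef int (*byte_src)(void *ctx);
int urandom_byte(void *ctx) { return fgetc((FILE *)ctx); }

/* Constructed source for testing: replays a fixed buffer, then fails. */
struct fixed_src { const unsigned char *buf; size_t len, pos; };
int fixed_byte(void *ctx) {
    struct fixed_src *s = ctx;
    return s->pos < s->len ? s->buf[s->pos++] : -1;
}

/* Uniform value in [0, n) for 1 <= n <= 256, or -1 on failure.
 * Integer-only rejection sampling: bytes at or above the largest multiple
 * of n are thrown away (the wasted entropy), so no result is favoured. */
int uniform_below(byte_src next, void *ctx, int n) {
    if (n < 1 || n > 256) return -1;
    int limit = 256 - 256 % n;
    for (;;) {
        int b = next(ctx);
        if (b < 0) return -1;         /* fail closed: no fallback to rand() */
        if (b < limit) return b % n;
    }
}

/* How many byte values map to r under plain `byte % n` (the biased way). */
int naive_hits(int n, int r) {
    int hits = 0;
    for (int b = 0; b < 256; b++) hits += (b % n == r);
    return hits;
}

int main(void) {
    static const char set[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) { perror("/dev/urandom"); return 1; }
    char pw[17] = {0};
    for (int i = 0; i < 16; i++) {
        int k = uniform_below(urandom_byte, f, 62);   /* assumed 62-char alphabet */
        if (k < 0) { fputs("random source failed\n", stderr); fclose(f); return 1; }
        pw[i] = set[k];
    }
    fclose(f);
    printf("naive %% 62: index 0 has %d byte values, index 61 has %d\n", naive_hits(62, 0), naive_hits(62, 61));
    puts(pw);
    return 0;
}
```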
