Bug#571189: makepasswd: Insecure password distribution if several password lengths possible

2010-02-23 Thread Fyodor Menshikov
Package: makepasswd Version: 1.10-5 Severity: normal makepasswd has the following command line arguments: --minchars and --maxchars. They allow generating passwords of length from minchars to maxchars. The default setting is to generate passwords of length from 8 to 10 characters. The problem is alg

Bug#564559: makepasswd: Default settings generate insecure passwords

2010-02-23 Thread Fyodor Menshikov
found is in the line my $max = 1 << ($bytes * 8); Theoretically overflow can happen here resulting in zero or negative result and then the program can hang in the loop below this line. But for all reasonable values this line is just fine. Cheers, Fyodor Menshikov. -- To UNSUBSCRIBE,

Bug#564559: makepasswd: Default settings generate insecure passwords

2010-01-11 Thread Fyodor Menshikov
to use old approach (internal rand without reseed) if --randomseed argument is specified. Anyway users of --randomseed were warned that there are only 2^32 cases. Cheers, Fyodor Menshikov.

Bug#564559: makepasswd: Default settings generate insecure passwords

2010-01-10 Thread Fyodor Menshikov
Package: makepasswd Version: 1.10-4 Severity: critical Tags: security Justification: root security hole By default makepasswd gets 32-bit random seed from /dev/urandom, initializes Perl random numbers generator with it using srand function and then generates password length and password chars usin