Bug#659047: RFS: rpg - Readable Password Generator

2012-04-17 Thread Matt Zagrabelny
Perhaps taking d-mentors@l.d.o off future replies could be done. Thanks! -mz On Tue, Apr 17, 2012 at 3:17 PM, Timo Juhani Lindfors wrote: > Vladimir Stavrinov writes: >> In some degree it is compensated by the fact, that double letters are >> excluded as well as other combinations. This forces

Bug#659047: RFS: rpg - Readable Password Generator

2012-04-17 Thread Timo Juhani Lindfors
Vladimir Stavrinov writes: > In some degree it is compensated by the fact, that double letters are > excluded as well as other combinations. This forces to call $RANDOM > again and again before pick up a symbol. Calling $RANDOM again and again does not help at all. If you run for i in $(seq

Bug#659047: RFS: rpg - Readable Password Generator

2012-04-17 Thread Vladimir Stavrinov
On Tue, Apr 17, 2012 at 09:40:50PM +0300, Timo Juhani Lindfors wrote: > Now there is at least the problem that you are using the $RANDOM Yes, I am aware of this already and will consider other solutions. > variable of bash. It is easily predictable and should not be used to In some degree it i

Bug#659047: RFS: rpg - Readable Password Generator

2012-04-17 Thread Timo Juhani Lindfors
Vladimir Stavrinov writes: > http://mentors.debian.net/debian/pool/main/r/rpg/rpg_1.0.4-1.dsc Now there is at least the problem that you are using the $RANDOM variable of bash. It is easily predictable and should not be used to produce passwords. -- To UNSUBSCRIBE, email to debian-bugs-dist-r

Bug#659047: RFS: rpg - Readable Password Generator

2012-04-11 Thread Vladimir Stavrinov
On Wed, Apr 11, 2012 at 11:00:27PM +0300, Timo Juhani Lindfors wrote:
> Vladimir Stavrinov writes:
> > I am on 3.2.0-2
> I'm on linux-image-3.2.0-1-amd64 3.2.4-1 and it works.
root@mana:~# stap -e 'probe syscall.execve { printf("%s\n", argstr); }' -c 'rpg'
semantic error: missing x86_64 ke

Bug#659047: RFS: rpg - Readable Password Generator

2012-04-11 Thread Timo Juhani Lindfors
Vladimir Stavrinov writes: > I am on 3.2.0-2 I'm on linux-image-3.2.0-1-amd64 3.2.4-1 and it works.

Bug#659047: RFS: rpg - Readable Password Generator

2012-04-11 Thread Vladimir Stavrinov
On Wed, Apr 11, 2012 at 10:46:06PM +0300, Timo Juhani Lindfors wrote: > Why? systemtap works with debian stable kernels. I am on 3.2.0-2 *** ### Vladimir Stavrinov ### vstavri...@gmail.com ***

Bug#659047: RFS: rpg - Readable Password Generator

2012-04-11 Thread Timo Juhani Lindfors
Vladimir Stavrinov writes: > Certainly! But to resolve last issue, I should compile custom kernel, > while at this time I am using Debian binary kernel. Why? systemtap works with debian stable kernels.

Bug#659047: RFS: rpg - Readable Password Generator

2012-04-11 Thread Vladimir Stavrinov
On Wed, Apr 11, 2012 at 10:16:15PM +0300, Timo Juhani Lindfors wrote: > If you are going to maintain this package you really need to learn how > to audit it for security issues :) Certainly! But to resolve last issue, I should compile custom kernel, while at this time I am using Debian binary ker

Bug#659047: RFS: rpg - Readable Password Generator

2012-04-11 Thread Timo Juhani Lindfors
Vladimir Stavrinov writes: > Don't worry, we have nowhere to rush. I can't check it myself, so I'll > wait for You. Thank You for Your assistance. If you are going to maintain this package you really need to learn how to audit it for security issues :)

Bug#659047: RFS: rpg - Readable Password Generator

2012-04-11 Thread Vladimir Stavrinov
On Wed, Apr 11, 2012 at 08:15:56PM +0300, Timo Juhani Lindfors wrote: > > I'm too busy at least at the moment. > Don't worry, we have nowhere to rush. I can't check it myself, so I'll wait for You. Thank You for Your assistance. *** ### Vladimir Stavrinov ### vstavr

Bug#659047: RFS: rpg - Readable Password Generator

2012-04-11 Thread Timo Juhani Lindfors
Vladimir Stavrinov writes: > Fixed. Please, check it again: I'm too busy at least at the moment.

Bug#659047: RFS: rpg - Readable Password Generator

2012-04-11 Thread Vladimir Stavrinov
On Wed, Apr 11, 2012 at 09:32:22AM +0300, Timo Juhani Lindfors wrote: > It's the tr commands this time. > > $ stap -e 'probe syscall.execve { printf("%s\n", argstr); }' -c './rpg' Fixed. Please, check it again: http://mentors.debian.net/debian/pool/main/r/rpg/rpg_1.0.4-1.dsc -- *

Bug#659047: RFS: rpg - Readable Password Generator

2012-04-10 Thread Vladimir Stavrinov
On Wed, Apr 11, 2012 at 09:32:22AM +0300, Timo Juhani Lindfors wrote: > > Ok. Show me where You see password. What command in process list does show > > password? > > It's the tr commands this time. Thank You. I will fix this. -- *** ## Vladimir Stavrinov ## vstavri.

Bug#659047: RFS: rpg - Readable Password Generator

2012-04-10 Thread Timo Juhani Lindfors
Vladimir Stavrinov writes:
> Ok. Show me where You see password. What command in process list does show
> password?
It's the tr commands this time.
$ stap -e 'probe syscall.execve { printf("%s\n", argstr); }' -c './rpg'
parketdufime
./rpg
/usr/bin/cut "-c" "7"
/usr/bin/tr "-d" "p"
/us

Bug#659047: RFS: rpg - Readable Password Generator

2012-04-06 Thread Vladimir Stavrinov
On Sat, Apr 07, 2012 at 01:36:10AM +0400, Vladimir Stavrinov wrote: > > rpg 1.0.2 > > Ok. Show me where You see password. What command in process list does show > password? Please, check new version: http://mentors.debian.net/debian/pool/main/r/rpg/rpg_1.0.3-1.dsc *

Bug#659047: RFS: rpg - Readable Password Generator

2012-04-06 Thread Vladimir Stavrinov
On Sat, Apr 07, 2012 at 12:23:11AM +0300, Timo Juhani Lindfors wrote: > > rpg 1.0.2 Ok. Show me where You see password. What command in process list does show password? *** ### Vladimir Stavrinov ### vstavri...@gmail.com ***

Bug#659047: RFS: rpg - Readable Password Generator

2012-04-06 Thread Timo Juhani Lindfors
Vladimir Stavrinov writes:
> May be You are using old version? Please, show me output from:
>
> rpg -V
$ ./rpg -V
rpg 1.0.2
(C) Vladimir Stavrinov vstavri...@gmail.com, GPL
Just think about all the commands you execute. It shouldn't be too difficult. I can disclose the right a

Bug#659047: RFS: rpg - Readable Password Generator

2012-04-06 Thread Vladimir Stavrinov
On Sat, Apr 07, 2012 at 12:22:05AM +0400, Vladimir Stavrinov wrote: > How? It is impossible: to fix the last bug, I have removed grep at all > and used shell variable editing instead. And I can't reproduce this bug. > Please, show me where and how do You see password. May be You are using old ver

Bug#659047: RFS: rpg - Readable Password Generator

2012-04-06 Thread Vladimir Stavrinov
On Fri, Apr 06, 2012 at 10:48:33PM +0300, Timo Juhani Lindfors wrote: > Vladimir Stavrinov writes: > > Fixed: > > Unfortunately not. I can still see the password. Writing security How? It is impossible: to fix the last bug, I have removed grep at all and used shell variable editing instead. And

Bug#659047: RFS: rpg - Readable Password Generator

2012-04-06 Thread Timo Juhani Lindfors
Vladimir Stavrinov writes: > Fixed: Unfortunately not. I can still see the password. Writing security sensitive software as a shell script is quite challenging. I would really urge you to improve some existing program instead.

Bug#659047: RFS: rpg - Readable Password Generator

2012-04-06 Thread Vladimir Stavrinov
On Thu, Apr 05, 2012 at 06:48:26PM +0400, Vladimir Stavrinov wrote: > On Thu, Apr 05, 2012 at 05:35:21PM +0300, Timo Juhani Lindfors wrote: > > > When the generator prints "Vipeza" as a password it does > > > > /bin/grep "-qw" "vi" > > Yes, I see: it is another invocation of grep. Should be fix

Bug#659047: RFS: rpg - Readable Password Generator

2012-04-05 Thread Vladimir Stavrinov
On Thu, Apr 05, 2012 at 10:56:19AM -0700, Russ Allbery wrote: > Debian already has the apg package, which purports to do the same thing > and is a compiled C binary, so doesn't have the various problems with > grep. Is the readability of the passwords generated by rpg really > sufficiently better

Bug#659047: RFS: rpg - Readable Password Generator

2012-04-05 Thread Russ Allbery
Vladimir Stavrinov writes: > To advantage of this utility points its name: "READABLE password > generator". If You can read (i.e. to pronounce), then it is easy for > remembering. But "readable" doesn't mean "weak" - it is strong enough > as long as dictionary is available for consulting to exc

Bug#659047: RFS: rpg - Readable Password Generator

2012-04-05 Thread Vladimir Stavrinov
On Thu, Apr 05, 2012 at 05:35:21PM +0300, Timo Juhani Lindfors wrote: > When the generator prints "Vipeza" as a password it does > > /bin/grep "-qw" "vi" Yes, I see: it is another invocation of grep. Should be fixed in similar way. But it is more tricky, because here the stdin already used by g

Bug#659047: RFS: rpg - Readable Password Generator

2012-04-05 Thread Timo Juhani Lindfors
Vladimir Stavrinov writes:
> I've run rpg in continuous loop, but no password was caught, because it
> fed to grep via stdin directly from shell. To be sure, please, test it
> again.
I can still see the password. When the generator prints "Vipeza" as a password it does
/bin/grep "-qw" "vi"
/bin/

Bug#659047: RFS: rpg - Readable Password Generator

2012-04-05 Thread Vladimir Stavrinov
On Wed, Apr 04, 2012 at 01:39:07PM +0300, Timo Juhani Lindfors wrote: > I think rpg is very insecure since all local users of the system can see > the passwords that you generate. All they need to do is to look for the > "grep" commands that appear in the process list. Fixed. See: http://mentors

Bug#659047: RFS: rpg - Readable Password Generator

2012-04-04 Thread Timo Juhani Lindfors
Vladimir Stavrinov writes: > First of all in most cases it is using on workstation where are no other > live users than You (or hacker breached into Your system). Second, it > is used sporadically and rarely. To catch those passwords You need > continuously watching and analyze process list for a

Bug#659047: RFS: rpg - Readable Password Generator

2012-04-04 Thread Vladimir Stavrinov
On Wed, Apr 04, 2012 at 01:41:43PM +0200, Ansgar Burchardt wrote: > We also have pwgen which "generates pronounceable passwords" according > to its man page. As You can see, it is first utility mentioned here in this thread before apg, and again, I have used it too before apg. But it generates e

Bug#659047: RFS: rpg - Readable Password Generator

2012-04-04 Thread Ansgar Burchardt
On 04/04/2012 01:09 PM, Vladimir Stavrinov wrote: > I've used apg few years ago, but was not satisfied with it. That is > exactly why I have started to write my own alternative. The main point > was pronounceability. We also have pwgen which "generates pronounceable passwords" according to its man

Bug#659047: RFS: rpg - Readable Password Generator

2012-04-04 Thread Vladimir Stavrinov
On Wed, Apr 04, 2012 at 01:39:07PM +0300, Timo Juhani Lindfors wrote: > I think rpg is very insecure since all local users of the system can see > the passwords that you generate. All they need to do is to look for the > "grep" commands that appear in the process list. First of all in most cases

Bug#659047: RFS: rpg - Readable Password Generator

2012-04-04 Thread Vladimir Stavrinov
On Wed, Apr 04, 2012 at 12:22:44PM +0200, Bartosz Feński wrote: > So basically this is another tool like the apg? > http://packages.debian.org/sid/apg I've used apg few years ago, but was not satisfied with it. That is exactly why I have started to write my own alternative. The main point was pr

Bug#659047: RFS: rpg - Readable Password Generator

2012-04-04 Thread Timo Juhani Lindfors
Vladimir Stavrinov writes: > To advantage of this utility points its name: "READABLE password > generator". If You can read (i.e. to pronounce), then it is easy for > remembering. But "readable" doesn't mean "weak" - it is strong enough > as long as dictionary is available for consulting to excl

Bug#659047: RFS: rpg - Readable Password Generator

2012-04-04 Thread Bartosz Feński
On 04.04.2012 12:17, Vladimir Stavrinov wrote: > To advantage of this utility points its name: "READABLE password > generator". If You can read (i.e. to pronounce), then it is easy for > remembering. But "readable" doesn't mean "weak" - it is strong enough > as long as dictionary is available

Bug#659047: RFS: rpg - Readable Password Generator

2012-04-04 Thread Vladimir Stavrinov
To advantage of this utility points its name: "READABLE password generator". If You can read (i.e. to pronounce), then it is easy for remembering. But "readable" doesn't mean "weak" - it is strong enough as long as dictionary is available for consulting to exclude words from out of there. --

Bug#659047: RFS: rpg - Readable Password Generator

2012-02-07 Thread Bas van den Dikkenberg
-Original Message- From: Richard Laager [mailto:rlaa...@wiktel.com] Sent: Tuesday, 7 February 2012 21:26 To: Bas van den Dikkenberg; 659...@bugs.debian.org Subject: Re: Bug#659047: RFS: rpg - Readable Password Generator What advantages does this program have over pwgen

Bug#659047: RFS: rpg - Readable Password Generator

2012-02-07 Thread Richard Laager
What advantages does this program have over pwgen (which has been around for a long time and is already packaged)? -- Richard

Bug#659047: RFS: rpg - Readable Password Generator

2012-02-07 Thread Bas van den Dikkenberg
Package: sponsorship-requests
Severity: normal
Dear mentors,
I am looking for a sponsor for my package "rpg".
* Package name: rpg
  Version : 1.0.0-1
  Upstream Author : Vladimir Stavrinov
* URL : http://sourceforge.net/pr