oss-sec mailing list archives
Re: gpw password generator giving short password at low rate
From: Henri Salo <henri () nerv fi>
Date: Tue, 17 Jan 2012 11:17:45 +0200
On Tue, Jan 17, 2012 at 09:51:05AM +0100, Yves-Alexis Perez wrote:
we were pointed at a bug in gpw (a password generator), which makes it generate shorter password than required at a rate of ~20 over 1 million. The bug is at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=651510 (so already public) and I'm wondering if that deserves a CVE: * gpw seems unmaintained (upstream and in Debian since around 2006) * I'm not sure people even use it * people using it interactively will notice the password has the wrong size But as it may be used in a script, then it might still be a real issue. What do people think?
I think this is security issue and should receive CVE. Is this program used in other distributions we could notify? Has this been fixed in other versions? - Henri Salo
Current thread:
- gpw password generator giving short password at low rate Yves-Alexis Perez (Jan 17)
- Re: gpw password generator giving short password at low rate Henri Salo (Jan 17)
- Re: gpw password generator giving short password at low rate Yves-Alexis Perez (Jan 17)
- Re: gpw password generator giving short password at low rate Kurt Seifried (Jan 17)
- Re: gpw password generator giving short password at low rate Yves-Alexis Perez (Jan 17)
- Re: gpw password generator giving short password at low rate Steven M. Christey (Jan 17)
- Re: gpw password generator giving short password at low rate Henri Salo (Jan 17)