oss-sec mailing list archives

gpw password generator giving short password at low rate

From: Yves-Alexis Perez <corsac () debian org>
Date: Tue, 17 Jan 2012 09:51:05 +0100

Hi list,

we were pointed at a bug in gpw (a password generator), which makes it
generate shorter password than required at a rate of ~20 over 1 million.
The bug is at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=651510
(so already public) and I'm wondering if that deserves a CVE:

* gpw seems unmaintained (upstream and in Debian since around 2006)
* I'm not sure people even use it
* people using it interactively will notice the password has the wrong
size

But as it may be used in a script, then it might still be a real issue.

What do people think?

Regards,
-- 
Yves-Alexis

Attachment: signature.asc
Description: This is a digitally signed message part

Current thread:

gpw password generator giving short password at low rate Yves-Alexis Perez (Jan 17)
- Re: gpw password generator giving short password at low rate Henri Salo (Jan 17)
  - Re: gpw password generator giving short password at low rate Yves-Alexis Perez (Jan 17)
    - Re: gpw password generator giving short password at low rate Kurt Seifried (Jan 17)
- Re: gpw password generator giving short password at low rate Steven M. Christey (Jan 17)