Fedora account system (FAS) potential information disclosure

Posted May 10, 2013 15:38 UTC (Fri) by SEJeff (subscriber, #51588)
In reply to: Fedora account system (FAS) potential information disclosure by dskoll
Parent article: Fedora account system (FAS) potential information disclosure

You know, pwgen is also pretty awesome and is in the package repos of virtually every distro in existence.

$ pwgen -s 15 -1
l3zDjPFUpbUDsI6

For more human friendly ones:
$ pwgen -B -1 10
iiPh3Ephae



Fedora account system (FAS) potential information disclosure

Posted May 10, 2013 16:51 UTC (Fri) by dskoll (subscriber, #1630) [Link]

Yes; I wrote my pwgen before I was aware of the real pwgen. I will probably switch over to it.

Fedora account system (FAS) potential information disclosure

Posted May 11, 2013 5:06 UTC (Sat) by lindi (subscriber, #53135) [Link]

The problem with pwgen is that not all passwords are equally probable. Try generating a few million passwords and see how certain passwords tend to occur more commonly than others.

Fedora account system (FAS) potential information disclosure

Posted May 13, 2013 15:25 UTC (Mon) by bfields (subscriber, #19510) [Link]

Yeah, looks like it's choosing from a pretty small space of passwords; wonder how long they need to be to have a reasonable amount of entropy?
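
Added example, not part of the original comments and not pwgen's own code: one way to run the experiment suggested above is to estimate collision entropy from how often a generator repeats itself. The toy generators, their weights and the 62-character alphabet used for the 15-character figure are assumptions constructed for illustration.

```python
import math
import random
import string
import sys
from collections import Counter

def uniform_bits(alphabet_size, length):
    """Bits of entropy if each character is chosen uniformly and independently."""
    return length * math.log2(alphabet_size)

def collision_bits(samples):
    """Estimate collision (Renyi order-2) entropy, in bits, from repeated outputs.

    A skewed generator repeats itself more often than a uniform one over the
    same space. Returns None when no two samples match, which only says the
    sample is too small (roughly 2**(bits/2) samples are needed to see repeats).
    """
    n = len(samples)
    matching = sum(c * (c - 1) // 2 for c in Counter(samples).values())
    if matching == 0:
        return None
    return -math.log2(matching / (n * (n - 1) / 2))

# Constructed toy generators, short enough that repeats show up quickly.
# random.Random is seeded for a reproducible demo; it is not a password source.
CONSONANTS = "bcdfghjklmnpqrstvwxyz"
VOWELS, VOWEL_WEIGHTS = "aeiou", [4, 2, 2, 1, 1]

def uniform_sample(rng, count):
    return ["".join(rng.choices(string.ascii_lowercase, k=3)) for _ in range(count)]

def skewed_sample(rng, count):
    """Consonant-vowel-consonant strings with unevenly weighted vowels."""
    return [rng.choice(CONSONANTS) + rng.choices(VOWELS, VOWEL_WEIGHTS)[0]
            + rng.choice(CONSONANTS) for _ in range(count)]

def report(name, samples):
    bits = collision_bits(samples)
    top = Counter(samples).most_common(3)
    print(f"{name}: {bits if bits is None else round(bits, 2)} bits, most frequent {top}")

if __name__ == "__main__":
    if len(sys.argv) > 1:  # a file with one generated password per line
        with open(sys.argv[1]) as fh:
            report(sys.argv[1], fh.read().split())
    else:
        rng = random.Random(2013)
        report("uniform 3 letters", uniform_sample(rng, 200_000))
        report("skewed CVC", skewed_sample(rng, 200_000))
        print("15 uniform alphanumerics:", round(uniform_bits(62, 15), 1), "bits")
```

Given a file argument, the script reports on that file instead, so a few million lines of real generator output can be measured the same way.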

Fedora account system (FAS) potential information disclosure

Posted May 14, 2013 6:15 UTC (Tue) by salimma (subscriber, #34460) [Link]

There's also pwmake, but there the problem is the passwords generated might contain characters that are rejected by poorly-designed programs.

Fedora account system (FAS) potential information disclosure

Posted May 31, 2013 3:41 UTC (Fri) by pabs (subscriber, #43278) [Link]

If you use the -s option it uses /dev/random to generate passwords. Maybe that should be the default?

