Your message dated Wed, 15 Jun 2005 01:32:36 -0400
with message-id <[EMAIL PROTECTED]>
and subject line Bug#154561: fixed in pwgen 2.04-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 28 Jul 2002 03:16:13 +0000
>From [EMAIL PROTECTED] Sat Jul 27 22:16:13 2002
Return-path: <[EMAIL PROTECTED]>
Received: from host-216-76-182-46.gso.bellsouth.net (anomie.wasteland)
[216.76.182.46] ([46QTyZsRWECxZpKdPu3Sqi3ju6woPr5K])
by master.debian.org with esmtp (Exim 3.12 1 (Debian))
id 17YeXU-00033j-00; Sat, 27 Jul 2002 22:16:12 -0500
Received: from lists by anomie.wasteland with local (Exim 3.35 #1 (Debian))
for [EMAIL PROTECTED]
id 17YeXQ-0003A4-00; Sat, 27 Jul 2002 23:16:08 -0400
Date: Sat, 27 Jul 2002 23:16:08 -0400
From: Brad <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: pwgen: generated passwords suddenly less secure
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4i
Delivered-To: [EMAIL PROTECTED]
Package: pwgen
Version: 2.02-1
I needed a new password today, and found the pwgen wasn't giving me as
good of passwords as usual. In particular:
$ pwgen -s
34bstATn 3ytenLij H0TJXW8H H1xWtUPi IwyNsVPd URGMaCZi GYTfaQ3b qXzmtA4g
KZYM9WcW LDUgGtUL xUnU4tQh l5TCBUKF S4GRbTuD 9aOUgc1Y ZkeRzdn0 Tbv4dgZy
kPadd4MJ wKqs41op LnLU4Mk1 pwZs10d7 t5ZRCNvT uPF5eQ4j KOhUmLU8 IYGXKmgf
z61EA6mV 0Q4xJlvw aFrKFT8f hZnjvNJS jUdGUzbI HTbRJL4F nw1d3wPf oayRMx28
PY1pFUYw JQLU4ruq wK4MBWWT WOGRGjYP lcG0p77E D3FCCZVJ pckQ8CLE AyaaATTJ
U6VZY5Kb dbFiPOg4 nErqJPY4 DpitbWHF C9itNA98 lbk7YnM3 jnMIzmEJ x4OspJVR
2M8EOAq3 0rfKmMBn h86Wczow FBmHISRd 2IKj3aXu a3SGAcDQ 8IQqaI0t 5Mo7K236
rlmYVRQZ lT8ZSlzh 8fZAZkLQ yDys11Q0 Gi0aToNJ 7YOS27yG hpgeKF3k lasFEyhf
5aIP5IRk crW7q5L8 HE482PMr fFIuO7y1 08iCXNDV Qwg8OhJw SvQn4V59 S8OijiBE
AlEpVEaP 44ypRpUw Pts03gCf 0PTkxMqY dAEGx8ed Qr0W3xxX tI5zNQFX g3Pw67eS
R3xRh0KM g8lDzIpS GbCtyR2a HQPbgqPA EZmF3goJ 1b60mvVc 8TgmlWXM DnruImS9
UK3SHiiT nlnSTwtP JcM5JLwr zm6hLupX Z4pSvkll ddszAjIa hbndA7Rz M18eFizo
beE27Tfs 19jd8CQW XXQ2PexY 82AHF9kU s4vHgKIW StS3RXEt q1iY1UrO gE6aymKX
Jdh0g1hn 3llDtyyf EY0PScWq 4Rfp4PYq xBL2DCTU 5txJhVb5 QJtPSUC1 QlRhfdtP
NEm2SuTk 966iqnDP JSZ5BP5n oPISW7j6 fQiU3AQJ btpdkv8S nfmSs4zu AIHGMDDa
wcl0RcRp xhCxGzaS SRVQjeGL QrEUPb53 4bwhfZy7 CXTuToG8 3ZjaZgWo Z2Cw7JU7
JfXjVRH3 OgfPD5I4 uSHfn9Qo SzBsUn6e Lm2vEjlZ vl5qnkSU GCwMI8at Z7bCoCzB
y1HsOlGl RlKvWM7p 8k8jgPnV G1JReRfQ QKmuI3K0 UZIPOWmf Vag73ahp XBLqYoa1
pRKxEZTG gj6XTMiS I0n3xxLH NYOFoTWD 76DYJq8X c4X097ru GprU87gY xX7RMyx8
kXZvO2GK J7gDmiqG yUdRxIFg NxgMiPa1 SPX2W9Av 3vGspUTp g2K65ejM DB79T2Ja
In particular, it doesn't seem to use any punctuation anymore. I see in
the (not installed?) upstream ChangeLog an entry that most punctuation
was added to the bad characters list to make the passwords "more
usable". Instead, i'd suggest a command-line option to control this
behavior. Maybe something like "--punctuation" to allow the characters
that used to be allowed (and maybe even have it take an optional string
of punctuation to override that allowed list?).
BTW, i've had to work with systems before where none of the above
passwords are usable, since punctuation of some sort or another was
required. Strange but true...
---------------------------------------
Received: (at 154561-close) by bugs.debian.org; 15 Jun 2005 05:38:02 +0000
>From [EMAIL PROTECTED] Tue Jun 14 22:38:02 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DiQbC-0003Lf-00; Tue, 14 Jun 2005 22:38:02 -0700
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
id 1DiQVw-0000Tu-00; Wed, 15 Jun 2005 01:32:36 -0400
From: [EMAIL PROTECTED] (Theodore Y. Ts'o)
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.56 $
Subject: Bug#154561: fixed in pwgen 2.04-1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Wed, 15 Jun 2005 01:32:36 -0400
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Source: pwgen
Source-Version: 2.04-1
We believe that the bug you reported is fixed in the latest version of
pwgen, which is due to be installed in the Debian FTP archive:
pwgen_2.04-1.diff.gz
to pool/main/p/pwgen/pwgen_2.04-1.diff.gz
pwgen_2.04-1.dsc
to pool/main/p/pwgen/pwgen_2.04-1.dsc
pwgen_2.04-1_i386.deb
to pool/main/p/pwgen/pwgen_2.04-1_i386.deb
pwgen_2.04.orig.tar.gz
to pool/main/p/pwgen/pwgen_2.04.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Theodore Y. Ts'o <[EMAIL PROTECTED]> (supplier of updated pwgen package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 15 Jun 2005 00:39:10 -0400
Source: pwgen
Binary: pwgen
Architecture: source i386
Version: 2.04-1
Distribution: unstable
Urgency: low
Maintainer: Theodore Y. Ts'o <[EMAIL PROTECTED]>
Changed-By: Theodore Y. Ts'o <[EMAIL PROTECTED]>
Description:
pwgen - Automatic Password generation
Closes: 51307 154561 182595 276307 276976 282076 311461
Changes:
pwgen (2.04-1) unstable; urgency=low
.
* New upstream version.
* Adopt maintainership of pwgen. (Closes: #282076)
* Fix minor bug in man page. (Closes: #311461)
* Convert from debmake to debhelper
* Add the --sha1 option so that pwgen uses the SHA1 hash to generate
(not so) random passwords.
* Add --symbols option which adds special symbols to the password.
(Closes: #154561)
* Add short options for --no-capitalize and --no-numerals and make those
options work when --secure is specified.
* Add --ambiguous option which avoids characters that can be confused by
the user. (Closes: #51307)
* Fix bug where --no-capitalized and --no-numerals were ignored for short
passwords. (Closes: #276307)
* In the pwgen man page, explain that human-memorable passwords are
subject to off-line brute force attacks. (Closes: #276976)
* Allow one or more capital letters and digits in human-friendly
passwords (Closes: #182595)
Files:
f6a75e4e0f2169e187948e8f624a3877 544 admin optional pwgen_2.04-1.dsc
c6116603f89a65d1b6ea4bdce00106fb 47276 admin optional pwgen_2.04.orig.tar.gz
27337e7ac1433e6bbb7304cb292b333b 20 admin optional pwgen_2.04-1.diff.gz
7807f22617f13270d79753ca8f01b136 16756 admin optional pwgen_2.04-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFCr7e77To545NnTEARAuQ4AKCK+7LLMXQIoJg9Lj/muzjSGxTqhgCfVmyE
576eNyWmVWLIHI87CJ2hykk=
=RpcM
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
