Vladimir Stavrinov <vstavri...@gmail.com> writes:
> The advantage of this utility is pointed to by its name: "READABLE
> password generator". If you can read (i.e. pronounce) it, then it is
> easy to remember. But "readable" doesn't mean "weak" - it is strong
> enough as long as a dictionary is available for consulting to exclude
> words from there.

I think rpg is very insecure since all local users of the system can see
the passwords that you generate. All they need to do is to look for the
"grep" commands that appear in the process list.

When I run

$ ./rpg

  efi4vudamna
  andumfepibit
  azukvemipa
  Ardibute
  pazetmivudub


I can clearly see the passwords using a very simple program:

lindi2:~$ wget -q http://iki.fi/lindi/watchps.c
lindi2:~$ gcc -O2 -Wall -o watchps watchps.c
lindi2:~$ echo /lib/x86_64-linux-gnu | ./watchps
helper got 2150, waiting for 2151
woke up
...
cmdline: "grep -wEqi ^andumfepibit$ /usr/share/dict/words "
...
cmdline: "grep -wEqi ^azukvemipa$ /usr/share/dict/words "
...
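
The exposure shown above comes from putting each candidate on grep's command line. As an added example (not part of the original message and not rpg's own code), the same dictionary check can hand the candidate to grep on stdin instead. The function names and the GREP variable are assumptions, and `-f -` relies on grep reading its pattern list from standard input, as GNU grep does.

```shell
#!/bin/sh
# Added example (not rpg's code). GREP is a hypothetical override hook.
GREP=${GREP:-grep}

# Leaky form, same shape as the command lines captured above: the candidate
# is an argument of a new process, so the process list exposes it.
in_dict_leaky() {       # usage: in_dict_leaky CANDIDATE DICT
    "$GREP" -wEqi "^$1\$" "$2"
}

# Private form: the candidate travels over a pipe and grep reads it as its
# pattern list from stdin (-f -), so grep's argv holds only options and the
# dictionary path. printf must be a shell builtin (true in bash and dash),
# otherwise it would be a process with the candidate in its own argv.
# -x whole-line match, -F literal string, -i ignore case, -q no output.
in_dict_private() {     # usage: in_dict_private CANDIDATE DICT
    [ -n "$1" ] || return 2
    printf '%s\n' "$1" | "$GREP" -qixF -f - "$2"
}

# Read candidates on stdin, print those that are NOT dictionary words.
filter_candidates() {   # usage: filter_candidates DICT < candidates
    while IFS= read -r cand; do
        [ -n "$cand" ] || continue
        rc=0
        in_dict_private "$cand" "$1" || rc=$?
        case $rc in
            0) ;;                        # dictionary word: drop it
            1) printf '%s\n' "$cand" ;;  # not found: keep it
            *) return 2 ;;               # grep failed: fail closed
        esac
    done
}

# Stand-alone use: sh this-file /usr/share/dict/words < candidates
if [ "$#" -ge 1 ]; then
    filter_candidates "$1"
fi
```

Treating any grep status other than 0 or 1 as a failure keeps a missing or unreadable dictionary from silently passing every candidate.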



