Re: Release-critical Bugreport for June 23, 2000
On Fri, Jun 23, 2000 at 12:02:42PM +0200, Falk Hueffner wrote:
> % pwgen 8 100000 | sort | uniq -c | sort -nr | head
> 17 thoothi
> 17 thithoo
> 13 thooqui
>
> I think should be possible to generate 100000 passwords without
> repeating some 17 times. ("thoothi" and "thithoo" seem to win all the
> time...)
>
> Regarding there's also an open bug about a missing license, which IMHO
> alone makes this unsuitable for release, I would really consider
> flagging this package for removal.
The default has been changed.. pwgen USED to default to --capitalize
--numerals. It was (I believe) changed in potato to produce thid default
behavior.
If you use --capitalize --numerals --alt-phonics, then you get something like
the following:
adam@spotted:~$ pwgen --capitalize --numerals --alt-phonics 8 100000 | sort | uniq -c | sort -nr | head -n 20
7 thoothi
5 thuthoo
5 thoocho
Which is a little better. Either way, I don't think this package should be
removed. A sysadmin/user has the choice to use an insecure password or to
use something secure. Maybe it should be changed back to the old default
behavior though.
--Adam
Reply to: