[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Release-critical Bugreport for June 23, 2000

On Fri, Jun 23, 2000 at 12:02:42PM +0200, Falk Hueffner wrote:
> % pwgen 8 100000 | sort | uniq -c | sort -nr | head
>      17 thoothi
>      17 thithoo
>      13 thooqui
> I think should be possible to generate 100000 passwords without
> repeating some 17 times. ("thoothi" and "thithoo" seem to win all the
> time...)
> Regarding there's also an open bug about a missing license, which IMHO
> alone makes this unsuitable for release, I would really consider
> flagging this package for removal.

The default has been changed..  pwgen USED to default to --capitalize
--numerals.  It was (I believe) changed in potato to produce thid default

If you use --capitalize --numerals --alt-phonics, then you get something like
the following:

adam@spotted:~$ pwgen --capitalize --numerals --alt-phonics 8 100000 | sort | uniq -c | sort -nr | head -n 20
7 thoothi
5 thuthoo
5 thoocho

Which is a little better.  Either way, I don't think this package should be
removed.  A sysadmin/user has the choice to use an insecure password or to
use something secure.  Maybe it should be changed back to the old default
behavior though.


Reply to: