[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

apg (was: Intent to Rewrite: pwgen)

On Fri, 1 Jun 2001 13:29:37 -0400, Theodore Tso <tytso@mit.edu> wrote:
>On Fri, Jun 01, 2001 at 11:52:19AM +0200, Marc Haber wrote:
>> Are you aware of apg (http://www.adel.nursat.kz/apg/)? It comes with a
>> DFSG-free license and seems to do a much better job of generating
>> passwords. I have filed an ITP a few weeks ago, didn't get around to
>> package it yet and would happily step aside if somebody else can do it
>> faster than me.
>No, I wasn't aware of apg.  It's a nice program, and it definitely has
>some nice features.  You should definitely package it.

A testing package of apg's standalone version is available on
http://q.bofh.de/~mh/debian/apg and will be put in the archive as soon
as somebody told me that my GPG signature on the package is valid and
no major packaging and policy bugs come up in the next few days.

>(I'd suggest
>that you *not* package the unencrypted TCP-based password generation
>service running on port 129, though, since it's basically just a Bad
>Idea.  "Can you say 'Attractive Nuisance'?  I knew you could...."  :-)

You mean that apgd stuff? I will put that into README.Debian so that I
don't get swamped with bug reports ;)

>One note about apg is that since the sources use the CAST encryption
>algorithm to do its random number generation (instead of relying on
>/dev/random or some MD5 or SHA based scheme), apg would have to go
>into non-US.

I wasn't aware of that. Thanks for pointing that out to me, it will be
fixed in the version that I actually upload.

Do you think it would be a good idea to ask upstream to refrain from
using CAST?


-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber          |   " Questions are the         | Mailadresse im Header
Karlsruhe, Germany  |     Beginning of Wisdom "     | Fon: *49 721 966 32 15
Nordisch by Nature  | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31 29

Reply to: