[aur-requests] [PRQ#7832] Deletion Request for correcthorse
notify at aur.archlinux.org
Sat Apr 1 21:13:33 UTC 2017
dinghy [1] filed a deletion request for correcthorse [2]:
This software does use actual randomness. The correcthorse algorithm
needs perfect randomness and non-reproducibility to create secure
passwords (as does any password generator, in fact).
But THIS IMPLEMENTATION HAS A FLAW: successive commands within about a
second generate the same password. This implementation is therefore
time-based and not making use of /dev/(u)random.
Proof: the following is [ENTER]+[UP] as fast as possible.
~ correcthorse
goneededpurposewhy
~ correcthorse
unusualgovernmentgirlyesterday
~ correcthorse
unusualgovernmentgirlyesterday
~ correcthorse
unusualgovernmentgirlyesterday
~ correcthorse
unusualgovernmentgirlyesterday
~ correcthorse
unusualgovernmentgirlyesterday
~ correcthorse
weakhispleasantthey
~ correcthorse
weakhispleasantthey
~ correcthorse
weakhispleasantthey
~ correcthorse
weakhispleasantthey
~ correcthorse
weakhispleasantthey
~ correcthorse
johnnyparallelrecognizenumeral
The AUR package pwgen-passphrase does the same and also originates
from the correcthorse concept, but uses proper randomness.
[1] https://aur.archlinux.org/account/dinghy/
[2] https://aur.archlinux.org/pkgbase/correcthorse/
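
The behaviour reported above, reproduced as an added example (not correcthorse's code, whose implementation this message does not show): a hypothetical generator seeded from the clock in whole seconds, next to one that draws from the OS CSPRNG, plus a back-to-back check that tells them apart. The word list, function names and timestamps are constructed for the demo.

```python
import random
import secrets

# Constructed word list; a real generator would load thousands of words.
WORDS = ["correct", "horse", "battery", "staple", "unusual", "government",
         "girl", "yesterday", "weak", "his", "pleasant", "they",
         "johnny", "parallel", "recognize", "numeral"]


def passphrase_time_seeded(now, n=4):
    """Hypothetical flawed generator: PRNG seeded with the clock in whole seconds."""
    rng = random.Random(int(now))  # every call in the same second gets the same seed
    return "".join(rng.choice(WORDS) for _ in range(n))


def passphrase_csprng(n=4):
    """Each word is drawn from the kernel CSPRNG (secrets uses os.urandom)."""
    return "".join(secrets.choice(WORDS) for _ in range(n))


def session(timestamps):
    """Replay the [ENTER]+[UP] session: one time-seeded call per timestamp."""
    return [passphrase_time_seeded(t) for t in timestamps]


def distinct_outputs(gen, runs):
    """Regression check for a generator: distinct results over back-to-back calls."""
    return len({gen() for _ in range(runs)})


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed timestamp
    # Four calls inside one second, then one call in the next second.
    for t, phrase in zip((0.1, 0.4, 0.7, 0.9, 1.2),
                         session([t0 + d for d in (0.1, 0.4, 0.7, 0.9, 1.2)])):
        print(f"+{t:.1f}s  {phrase}")
    print("time-seeded, 50 calls in one second:",
          distinct_outputs(lambda: passphrase_time_seeded(t0 + 0.5), 50), "distinct")
    print("CSPRNG, 50 calls:",
          distinct_outputs(passphrase_csprng, 50), "distinct")
```

The same back-to-back check, run against any packaged password generator, flags the repeated output shown in the session above.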