[aur-requests] [PRQ#7833] Deletion Request for correcthorse-git
notify at aur.archlinux.org
Sat Apr 1 21:13:49 UTC 2017
dinghy [1] filed a deletion request for correcthorse-git [2]:
This software does use actual randomness. The correcthorse algorithm
needs perfect randomness and non-reproducibility to create secure
passwords (as does any password generator, in fact).
But THIS IMPLEMENTATION HAS A FLAW: successive commands within about a
second generate the same password. This implementation is therefore
time-based and not making use of /dev/(u)random.
Proof: the following is [ENTER]+[UP] as fast as possible.
~ correcthorse
goneededpurposewhy
~ correcthorse
unusualgovernmentgirlyesterday
~ correcthorse
unusualgovernmentgirlyesterday
~ correcthorse
unusualgovernmentgirlyesterday
~ correcthorse
unusualgovernmentgirlyesterday
~ correcthorse
unusualgovernmentgirlyesterday
~ correcthorse
weakhispleasantthey
~ correcthorse
weakhispleasantthey
~ correcthorse
weakhispleasantthey
~ correcthorse
weakhispleasantthey
~ correcthorse
weakhispleasantthey
~ correcthorse
johnnyparallelrecognizenumeral
The AUR package pwgen-passphrase does the same and also originates
from the correcthorse concept, but uses proper randomness.
[1] https://aur.archlinux.org/account/dinghy/
[2] https://aur.archlinux.org/pkgbase/correcthorse-git/
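
The failure mode the request describes, as an added example (this is not correcthorse's code, whose source is not shown on this page): a word-based generator seeded from a one-second clock returns the same passphrase for every run inside that second, while one that draws from the OS CSPRNG does not. The word list, function names and timestamp are constructed for illustration.

```python
import random
import secrets

# Constructed sample word list; a real generator would use thousands of words.
WORDS = ["correct", "horse", "battery", "staple", "unusual", "government",
         "girl", "yesterday", "weak", "his", "pleasant", "they",
         "johnny", "parallel", "recognize", "numeral"]


def passphrase_time_seeded(now_seconds, count=4):
    """Flawed pattern: PRNG seeded from the clock at one-second resolution.

    now_seconds stands in for int(time.time()) so the demo is deterministic.
    """
    rng = random.Random(now_seconds)
    return "".join(rng.choice(WORDS) for _ in range(count))


def passphrase_csprng(count=4):
    """Corrected pattern: every word is drawn from the OS CSPRNG."""
    return "".join(secrets.choice(WORDS) for _ in range(count))


def distinct_outputs(generator, runs):
    """Regression check: number of distinct passphrases across repeated runs."""
    return len({generator() for _ in range(runs)})


if __name__ == "__main__":
    t = 1491081229  # constructed timestamp, held fixed to model "same second"
    same_second = lambda: passphrase_time_seeded(t)
    print("time-seeded, 5 runs in one second:")
    for _ in range(5):
        print("  ", same_second())
    print("distinct (time-seeded):", distinct_outputs(same_second, 20))
    print("distinct (CSPRNG):     ", distinct_outputs(passphrase_csprng, 20))
```

Running a generator many times in a tight loop and counting distinct outputs, as distinct_outputs does, is a cheap packaging-time check for this class of bug.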