Hey,
The mkpasswd password generator that ships in the ``expect'' package of (at
least RedHat 6.2) generates only a relatively small number (2^15 for the
default password length) of passwords. Presumably this is a result of trying
to apply too many rules of what is a ``good'' password to the generation
process.
Simple test:
while [ 1 ] ; do mkpasswd >> /tmp/shez/passwords ; done
sleep 16000 # this is long enough to demonstrate enough on my machine
wc -l /tmp/shez/passwords
113544
sort -u /tmp/shez/passwords | wc -l
32193
IIRC I reported this to redhat last year some time.
Cheers
Shez
P.S.
Apologies if you've seen this already, I couldn't see anything in the
archives on it but I've not been onn bugtraq for a while now.
