Your message dated Wed, 27 Apr 2005 15:47:57 -0400
with message-id <[EMAIL PROTECTED]>
and subject line Bug#306293: fixed in libcrypt-passwdmd5-perl 1.3-5
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 25 Apr 2005 15:16:00 +0000
>From [EMAIL PROTECTED] Mon Apr 25 08:16:00 2005
Return-path: <[EMAIL PROTECTED]>
Received: from adsl-065-015-138-122.sip.mco.bellsouth.net (mail.ultrawaves.com)
[65.15.138.122]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DQ5JY-00042h-00; Mon, 25 Apr 2005 08:16:00 -0700
Received: from [10.20.30.16] (scooter.ultrawaves [10.20.30.253])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by mail.ultrawaves.com (Postfix) with ESMTP id D75F245C015
for <[EMAIL PROTECTED]>; Mon, 25 Apr 2005 11:15:58 -0400 (EDT)
Message-ID: <[EMAIL PROTECTED]>
Date: Mon, 25 Apr 2005 11:16:01 -0400
From: Eric Lammerts <[EMAIL PROTECTED]>
User-Agent: Mozilla Thunderbird 1.0 (X11/20041206)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: [EMAIL PROTECTED]
Subject: minor error in salt generation
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Package: libcrypt-passwdmd5-perl
Version: 1.3-4
Severity: minor
Hi,
I noticed that when you let Crypt::PasswdMD5 generate its own salt,
it only uses 63 values out of 64:
$itoa64 =
"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
...
$salt .= substr($itoa64,int(rand(64)+1),1)
while length($salt) < 8;
The int(rand(64)+1) returns 1..64, so "." is never used, and one out of
64 times an empty string is appended.
Because of the loop we'll still have 8 bytes, so it's a not a big deal
(total of 8*log(63)/log(2) = 47.8 bits of randomness instead of 48)
Eric
---------------------------------------
Received: (at 306293-close) by bugs.debian.org; 27 Apr 2005 19:54:10 +0000
>From [EMAIL PROTECTED] Wed Apr 27 12:54:10 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DQsbq-00049C-00; Wed, 27 Apr 2005 12:54:10 -0700
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
id 1DQsVp-0005A2-00; Wed, 27 Apr 2005 15:47:57 -0400
From: Florian Ernst <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#306293: fixed in libcrypt-passwdmd5-perl 1.3-5
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Wed, 27 Apr 2005 15:47:57 -0400
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Source: libcrypt-passwdmd5-perl
Source-Version: 1.3-5
We believe that the bug you reported is fixed in the latest version of
libcrypt-passwdmd5-perl, which is due to be installed in the Debian FTP archive:
libcrypt-passwdmd5-perl_1.3-5.diff.gz
to
pool/main/libc/libcrypt-passwdmd5-perl/libcrypt-passwdmd5-perl_1.3-5.diff.gz
libcrypt-passwdmd5-perl_1.3-5.dsc
to pool/main/libc/libcrypt-passwdmd5-perl/libcrypt-passwdmd5-perl_1.3-5.dsc
libcrypt-passwdmd5-perl_1.3-5_all.deb
to
pool/main/libc/libcrypt-passwdmd5-perl/libcrypt-passwdmd5-perl_1.3-5_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Florian Ernst <[EMAIL PROTECTED]> (supplier of updated libcrypt-passwdmd5-perl
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 27 Apr 2005 20:47:29 +0200
Source: libcrypt-passwdmd5-perl
Binary: libcrypt-passwdmd5-perl
Architecture: source all
Version: 1.3-5
Distribution: unstable
Urgency: low
Maintainer: Florian Ernst <[EMAIL PROTECTED]>
Changed-By: Florian Ernst <[EMAIL PROTECTED]>
Description:
libcrypt-passwdmd5-perl - interoperable MD5-based crypt() for perl
Closes: 306293
Changes:
libcrypt-passwdmd5-perl (1.3-5) unstable; urgency=low
.
* fix salt generation now as upstream plans unrelated changes for
the next revision (Closes: #306293)
Files:
e7e88dacc7585b68aefd23c6d3a456cc 658 perl optional
libcrypt-passwdmd5-perl_1.3-5.dsc
dec8beb38ccd9cd276a01fdc1d2db916 2438 perl optional
libcrypt-passwdmd5-perl_1.3-5.diff.gz
0070635146a578d25a3c8330204415db 9856 perl optional
libcrypt-passwdmd5-perl_1.3-5_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFCb9+8s3U+TVFLPnwRAmrnAJ9Zr+BYcrMT+dvP04QXANTYpvx++gCgglwI
NY4REOvzR0ovcJ7+yorcSYk=
=nT2W
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
