Your message dated Fri, 04 Dec 2020 13:21:14 +0000
with message-id <[email protected]>
and subject line Bug#975469: fixed in gpw 0.0.19940601-10
has caused the Debian Bug report #975469,
regarding gpw: Weak seed to initialise the random generator
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
975469: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975469
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: gpw
Version: 0.0.19940601-9+b1
Severity: important
Tags: patch upstream
Dear Maintainer,
Recently I read https://github.com/rclone/rclone/issues/4783 . rclone
was generating weak passwords: all the passwords were in a set of 33
million possible generated passwords. I checked Debian packages that
could have the same problem and found that "gpw" has a similar problem
(1 million sets of passwords for a given password length). I initially
reported this bug to the Debian security team and they suggested to open
a public bug.
The problem is that "gpw" uses a seed for the random generator based
only on microseconds: a number between 0 and 999999. The generated
passwords for a certain password length depend on the dictionaries
installed at compilation time (the same for all the Debian users) and
the seed. There are only 1 million sets of different passwords (for the
same length) generated by "gpw". E.g, if faketime is installed, Debian 9
or Debian 10 gpw would generate:
carles@pinux:~$ faketime -f '2008-12-24 08:15:43' gpw
demoduls
pebfurge
ratentso
prockerm
ndivical
ualksect
alidedit
iredgedr
pledonsu
lizensms
carles@pinux:~$
(faketime doesn't support microseconds and by default sets it to .0
microseconds)
In other words: If anyone is generating passwords with "gpw 1" (in
Debian) there are only 1 million possible sets of passwords for this
length. Or even doing "gpw 1 99": only 1 million possible passwords of
length 99.
I am not an expert in cryptography and my solution might be wrong but
here is a possible patch:
Possible patch: I copied two functions from "pwgen" and used them from
"gpw". Then the seed is one in 9223372036854775807 (2^63-1) instead of
one in 1000000 (2^20 approx.). Another approach would be to use
libgcrypt from gpw (other software, like apg, use this approach). I'm
unsure if the license of gpw is compatible with GPL (randnum.c is GPL).
Perhaps the maintainer or upstream can clarify this / provide a
different fix if it's not correct, etc.
Interestingly: "pwgen" in 2013 had a bug with a similar issue:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=767008 . In this case
it generated the seed using /dev/urandom. If it failed it used
/dev/random and if this also failed it used a combination of seconds,
getpgrp(), getpid() and microseconds. This was considered too weak and
it was updated to use only /dev/urandom and /dev/random
(https://github.com/tytso/pwgen/commit/ccda6f21c678188074aaa1c673008a8c7ac1b3cf).
-- System Information:
Debian Release: 10.6
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.19.0-12-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=ca_ES.UTF-8, LC_CTYPE=ca_ES.UTF-8 (charmap=UTF-8),
LANGUAGE=ca_ES.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages gpw depends on:
ii libc6 2.28-10
gpw recommends no packages.
gpw suggests no packages.
-- no debconf information
diff --git a/Makefile b/Makefile
index 8b2c826..4fd5dee 100644
--- a/Makefile
+++ b/Makefile
@@ -9,7 +9,10 @@ all : gpw loadtris
echo gpw created, can delete loadtris
gpw : gpw.o
- $(COMPILER) $(DEBUGARGS) -o gpw gpw.o
+ $(COMPILER) $(DEBUGARGS) -o gpw gpw.o randnum.o
+
+randnum.o: randnum.c
+ $(COMPILER) $(DEBUGARGS) -o randnum.o -c randnum.c
trigram.h : loadtris
./loadtris /usr/dict/words | sed "s/, }/}/" > trigram.h
@@ -24,4 +27,4 @@ loadtris.o : loadtris.c
$(COMPILER) $(DEBUGARGS) -o loadtris.o -c loadtris.c
clean :
- rm gpw loadtris loadtris.o gpw.o # trigram.h
+ rm gpw loadtris loadtris.o gpw.o randnum.o # trigram.h
diff --git a/Makefile.Debian b/Makefile.Debian
index 3e7baed..60ef181 100644
--- a/Makefile.Debian
+++ b/Makefile.Debian
@@ -14,8 +14,11 @@ BIN=$(DESTDIR)/usr/bin
all : gpw loadtris
echo gpw created, can delete loadtris
-gpw : gpw.o
- $(COMPILER) $(DEBUGARGS) -o gpw gpw.o
+gpw : gpw.o randnum.o
+ $(COMPILER) $(DEBUGARGS) -o gpw gpw.o randnum.o
+
+randnum.o: randnum.c
+ $(COMPILER) $(DEBUGARGS) -o randnum.o -c randnum.c
trigram.h : loadtris
./loadtris /usr/share/dict/words | sed "s/, }/}/" > trigram.h
@@ -30,7 +33,7 @@ loadtris.o : loadtris.c
$(COMPILER) $(DEBUGARGS) -o loadtris.o -c loadtris.c
clean :
- rm -f gpw loadtris loadtris.o gpw.o trigram.h
+ rm -f gpw loadtris loadtris.o gpw.o randnum.o trigram.h
diff --git a/gpw.c b/gpw.c
index be3c307..2316f95 100644
--- a/gpw.c
+++ b/gpw.c
@@ -13,11 +13,6 @@
and looking for real words in its output.. they are very rare, on the
order of one in a thousand.
- This program uses "drand48()" to get random numbers, and "srand48()"
- to set the seed to the microsecond part of the system clock. Works
- for AIX C++ compiler and runtime. Might have to change this to port
- to another environment.
-
The best way to use this program is to generate multiple words. Then
pick one you like and transform it with punctuation, capitalization,
and other changes to come up with a new password.
@@ -35,6 +30,7 @@
/* #include <bsd/sys/time.h> */
/* following for BSD */
#include <sys/time.h>
+#include <limits.h>
int main (int argc, char ** argv) {
int password_length; /* how long should each password be */
@@ -47,14 +43,11 @@ int main (int argc, char ** argv) {
long sum; /* running total of
frequencies */
char password[100]; /* buffer to develop a password
*/
int nchar; /* number of chars in
password so far */
- struct timeval systime; /* time reading for random seed */
- struct timezone tz; /* unused arg to gettimeofday */
password_length = 8; /* Default value for password length */
n_passwords = 10; /* Default value for number of
pws to generate */
- gettimeofday (&systime, &tz); /* Read clock. */
- srand48 (systime.tv_usec); /* Set random seed. */
+ srand48 (pw_random_number(LONG_MAX)); /* Set random seed. */
if (argc > 1) { /* If args are given, convert
to numbers. */
n_passwords = atoi (&argv[1][0]);
diff --git a/randnum.c b/randnum.c
new file mode 100644
index 0000000..7e55264
--- /dev/null
+++ b/randnum.c
@@ -0,0 +1,77 @@
+/*
+ * randnum.c -- generate (good) randum numbers.
+ *
+ * Copyright (C) 2001,2002 by Theodore Ts'o
+ *
+ * This file may be distributed under the terms of the GNU Public
+ * License.
+ */
+
+ /** This file is from pwgen package, adapted for gpw */
+
+#include <stdio.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <sys/time.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <errno.h>
+
+#ifdef HAVE_DRAND48
+extern double drand48(void);
+#endif
+
+static int get_random_fd(void);
+
+/* Borrowed/adapted from e2fsprogs's UUID generation code */
+static int get_random_fd()
+{
+ struct timeval tv;
+ static int fd = -2;
+
+ if (fd == -2) {
+ gettimeofday(&tv, 0);
+ fd = open("/dev/urandom", O_RDONLY);
+ if (fd == -1)
+ fd = open("/dev/random", O_RDONLY | O_NONBLOCK);
+ }
+ return fd;
+}
+
+/*
+ * Generate a random number n, where 0 <= n < max_num, using
+ * /dev/urandom if possible.
+ */
+long int pw_random_number(max_num)
+ long int max_num;
+{
+ long int rand_num;
+ int i, fd = get_random_fd();
+ int lose_counter = 0, nbytes = sizeof(rand_num);
+ char *cp = (char *) &rand_num;
+
+ if (fd >= 0) {
+ while (nbytes > 0) {
+ i = read(fd, cp, nbytes);
+ if ((i < 0) &&
+ ((errno == EINTR) || (errno == EAGAIN)))
+ continue;
+ if (i <= 0) {
+ if (lose_counter++ == 8)
+ break;
+ continue;
+ }
+ nbytes -= i;
+ cp += i;
+ lose_counter = 0;
+ }
+ }
+ if (nbytes == 0)
+ return (rand_num % max_num);
+
+ /* We weren't able to use /dev/random, fail hard */
+
+ fprintf(stderr, "No entropy available!\n");
+ exit(1);
+}
--- End Message ---
--- Begin Message ---
Source: gpw
Source-Version: 0.0.19940601-10
Done: Francesco Paolo Lovergine <[email protected]>
We believe that the bug you reported is fixed in the latest version of
gpw, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Francesco Paolo Lovergine <[email protected]> (supplier of updated gpw package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 04 Dec 2020 11:30:48 +0000
Source: gpw
Binary: gpw gpw-dbgsym
Architecture: source amd64
Version: 0.0.19940601-10
Distribution: unstable
Urgency: medium
Maintainer: Francesco Paolo Lovergine <[email protected]>
Changed-By: Francesco Paolo Lovergine <[email protected]>
Description:
gpw - Trigraph Password Generator
Closes: 900915 975469
Changes:
gpw (0.0.19940601-10) unstable; urgency=medium
.
* Policy updated. Debhelper level set to 10.
* Now using debian/Makefile instead of the obsolete Makefile.Debian added to
source, so removed a patch and simplified a bit structure of changes.
* Fixed for cross-compiling the debian way.
Thanks Helmut Grohne <[email protected]>.
(closes: #900915)
* Added randnum.o taken from pwgen to better randomize the initial seed.
Thanks to Carles Pina i Estany <[email protected]>.
(closes: #975469)
Checksums-Sha1:
ca8a23d39efa0061c6158d79e7644e2f369f05b9 1773 gpw_0.0.19940601-10.dsc
ffe6c105e31db5703fa3b73c0b628813a675350e 6736 gpw_0.0.19940601-10.debian.tar.xz
e11bfa28b910564e228557b9e12aa91467dd4a82 7164
gpw-dbgsym_0.0.19940601-10_amd64.deb
18080554b4d3132189cb8d5689fddbc3f0971c5a 6031
gpw_0.0.19940601-10_amd64.buildinfo
fec4cd38eb5bead2b9cc969dc908d90c4a3aadd0 17756 gpw_0.0.19940601-10_amd64.deb
Checksums-Sha256:
8626f2930e78746af44c9cfda0b9005d823a7d4f8a856996b9f41ca9951c6931 1773
gpw_0.0.19940601-10.dsc
200994173de203dcf01e1af278bb17d8a112bb47455dc1c53e66dcaba2ad0109 6736
gpw_0.0.19940601-10.debian.tar.xz
2b8ab5a9804beeb1c20cdf7f3df69d497ca21ce54a5e6f17ae9db954cdc0c09b 7164
gpw-dbgsym_0.0.19940601-10_amd64.deb
2dc55413d2a2bf69cf8d01cd8950ac49259a12b57e6e87ca940acf279ad7e70d 6031
gpw_0.0.19940601-10_amd64.buildinfo
8fa8c18b679cd7ad7d5dc75d6caa848d0ec8866f84025c82a95742adf2077a54 17756
gpw_0.0.19940601-10_amd64.deb
Files:
0362a9fde9fabd0c0a22faa47f95c3aa 1773 utils optional gpw_0.0.19940601-10.dsc
28c17d758e87216d74993d561c4564d1 6736 utils optional
gpw_0.0.19940601-10.debian.tar.xz
a31bfe3585dd6880a15ade52e87e3e7b 7164 debug optional
gpw-dbgsym_0.0.19940601-10_amd64.deb
62e47e47753c47804dacc5667ccc05a5 6031 utils optional
gpw_0.0.19940601-10_amd64.buildinfo
ec9bb40deca49a752e4c2e01529ba992 17756 utils optional
gpw_0.0.19940601-10_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQJHBAEBCgAxFiEEBXmpeiI46/m+Ye0CDwKl4RY2hqQFAl/KNAUTHGZyYW5raWVA
ZGViaWFuLm9yZwAKCRAPAqXhFjaGpNS8D/9hrsn+1JlOqzfMj9aYgSJOzVfaby5I
64tkQZ7XZT+LFxrsenVzwE6mtmQJ6i9rCtaaIX+Kxy0LpCCirCWdUkUniWDImksP
XFx6VRl5lR4laLXF+sRrGCxwNo56k5VmYuHWyNo7UGd46XrUGzH+5Bz5nKpTEseC
AvTVojE/uJn6TFu+eyvh9HJlCze0ae0n+eXAc+DS7HxmWBAoWnn4/RFSO6RuI/F1
bzLZjWjRYBaByRbT79RaIGHcgA7P3ZbWmihbbG6EAuCynH9Rf/W///sX5GqwNFjS
Z7EFymcnBEXtYqZiI2vwO+zoOs2Emn0UoqZ+jaZXWls8JZ0+YbWPyasLtYG2yrod
QUeo5Jdb1zQkl1hmz0OnmyFP3uM+kaAUtW27L9dEfpksqZxSCKapaKrtj3dH5s6A
7dE8NJm/S+EyhhVYxwfMB72DbDSsw8qS+EmmLMb2CdOq0jlrgnw+QhqAFwiXefRf
/udVSw/xIMHcG3/qz1FWTIYU/VZ6AY3ZT1nv0zXm6jp2rMLaGZ3QI97aje4gVNhR
tKZsgDnPBzc+rTKyPsGC6JMxrAjR1OgZvTfRaqZuNkyw6exyn8TlqkaX5JfkrwVv
YQ1XRv5Kicxu0aC6O+lxEr2CL36IJG9ISWb64ZoTCIHh4nPH9qrXpv/gqkUdKdNi
p/lcTgLKuMlydA==
=9BDi
-----END PGP SIGNATURE-----
--- End Message ---
