Package: apg
Version: 2.2.3.dfsg.1-4
Severity: important
Dear Maintainer,
This password generator, build upon a NIST-document from 1993 (which
itself is
based upon an older offline paper), should probably be reevaluated or
contain a
big fat warning, since the documents on which it's based are retracted
by NIST
because "are obsolete and are being withdrawn because they have not been
updated to
reference current or revised voluntary industry standards, federal
specifications, or federal data standards."
I don't know if there's anything wrong with the document or this
algorithm within
the password generator itself or if it's simply a fact of people not
having paid
a close look in recent years.
-- System Information:
Debian Release: stretch/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 4.8.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages apg depends on:
ii libc6 2.24-8
apg recommends no packages.
apg suggests no packages.
-- no debconf information