Bug#415098: dbconfig can create tiny random passwords

2007-03-16 Thread sean finney
hey shish,

On Fri, 2007-03-16 at 02:40 +, Shish wrote:
> The package I noticed this in was nagios-mysql; the first install I did
> created a nice, long, random looking password. Then I scrapped the
> install and redid things from scratch, resulting in:
>
> #xsddb_host=
> #xsddb_port=
> xsddb_database=nagiosmysql
> xsddb_username=nagios-mysql
> xsddb_password=8

thanks for reporting this.  someone brought it up on irc last week as
well, and i'm fairly certain i know the cause of this.  the password
generation reads from /dev/urandom until N alphanumeric characters have
been found, but if there's a newline in the middle it will truncate the
output, resulting in what you see there.

i'll see about implementing an alternate version that ensures passwords
will be = 8 characters long.



sean
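
The truncation described in the message above, shown as an added example that is not part of the thread and is not dbconfig-common's code. The function names, the default length of 16 and the sample byte stream are assumptions made for this illustration.

```shell
#!/bin/sh
# Added illustration only; every function name here is hypothetical.

# Line-oriented generator: takes one line of the stream, then keeps the
# alphanumerics. A newline byte early in the random data ends the read,
# so the result can be far shorter than requested.
gen_line_oriented() {
    # $1 = wanted length; stdin = byte stream
    IFS= read -r line || true
    printf '%s' "$line" | LC_ALL=C tr -dc 'A-Za-z0-9' | cut -c1-"$1"
}

# Byte-oriented generator: drops every non-alphanumeric byte (newlines
# included) before counting, so a newline cannot shorten the output.
gen_byte_oriented() {
    # $1 = wanted length; stdin = byte stream
    LC_ALL=C tr -dc 'A-Za-z0-9' | head -c "$1"
}

# Wrapper that reads the kernel RNG and refuses to return a short result
# instead of silently writing it into a config file.
gen_password() {
    want=${1:-16}   # default length is an assumption for this example
    pw=$(gen_byte_oriented "$want" < /dev/urandom)
    if [ "${#pw}" -ne "$want" ]; then
        echo "generated ${#pw} characters, wanted $want" >&2
        return 1
    fi
    printf '%s\n' "$pw"
}

# Constructed sample stream: a newline follows the first usable byte.
sample_stream() {
    printf '8\nAf3fS35xFq2Lm'
}

printf 'line-oriented: %s\n' "$(sample_stream | gen_line_oriented 8)"
printf 'byte-oriented: %s\n' "$(sample_stream | gen_byte_oriented 8)"
printf 'from urandom:  %s\n' "$(gen_password 16)"
```

The length check in `gen_password` is the part worth keeping whatever generator is used: a configuration step that fails loudly is easier to catch than a one-character database password.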




Bug#415098: dbconfig can create tiny random passwords

2007-03-15 Thread Shish
Package: dbconfig-common
Version: 1.8.29+etch1
Severity: minor

While I am aware that the password 8 is just as totally random as
Af3fS35xF, I feel that it's worryingly close to the beginning of the
search space for a brute force attack -- I will confess that I'm no
security expert, but might it be a good idea to pass the passwords
through something like cracklib to filter out the totally weak ones?

The package I noticed this in was nagios-mysql; the first install I did
created a nice, long, random looking password. Then I scrapped the
install and redid things from scratch, resulting in:

#xsddb_host=
#xsddb_port=
xsddb_database=nagiosmysql
xsddb_username=nagios-mysql
xsddb_password=8

