Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 17 Jan 2012 21:58:25 +0200
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com
Subject: Re: Re: pwgen: non-uniform distribution of passwords

On Tue, Jan 17, 2012 at 11:51:31PM +0400, Solar Designer wrote:
> It was just pointed out to me off-list that the man page for pwgen
> specifically mentions that this kind of passwords "should not be used in
> places where the password could be attacked via an off-line brute-force
> attack."  I had missed that detail or at least I did not recall it.
> 
> This kind of documentation certainly mitigates the problem to some extent.

I'll bet most of the end-users will also miss this if you did.

- Henri Salo

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ