[Secure-testing-team] Bug#564559: makepasswd: Default settings generate insecure passwords

Fyodor Menshikov mfv at mail.ru
Sun Jan 10 08:19:51 UTC 2010


Package: makepasswd
Version: 1.10-4
Severity: critical
Tags: security
Justification: root security hole

By default makepasswd gets a 32-bit random seed from /dev/urandom, initializes the
Perl random number generator with it using the srand function and then generates the
password length and password chars using the rand function, which is not cryptographically
secure and is absolutely predictable from the initial seed, which has only 32 bits of strength.

Default settings for makepasswd are a password length from 8 to 10 characters inclusive
and a password consisting of characters A-Za-z0-9 (62 total), so theoretically it is
possible to create 62^8+62^9+62^10 = 8.5e17 passwords in default mode. Actually
I think that security in this case is better estimated by 62^8 = 2.1e14 because
all lengths have equal probability.

But because the rand function depends completely on the srand seed, the number of possible
passwords is lowered from 8.5e17 or 2.1e14 to just 2^32 = 4.2e9. So any root user
(hence the "root security hole" justification) that uses a password generated by the
makepasswd package is vulnerable to a brute force attack. A 4 billion password brute
force attack is quite possible.

The best solution to the issue I've found is using the --rerandom=1 command line switch,
which initializes srand with a cryptographically secure /dev/urandom value before each rand
function call.
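The following is an added illustration of the defect described in this report, not code from the reporter or from the makepasswd package: Python's `random.Random` stands in for Perl's `srand`/`rand`, the alphabet and 8-10 length range are the defaults quoted above, and `strong_password` models what drawing every choice from the OS CSPRNG (the effect `--rerandom=1` aims for) gives you.

```python
import math
import os
import random
import secrets
import struct

# makepasswd defaults as stated in the report: A-Za-z0-9, length 8..10 inclusive
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
MIN_LEN, MAX_LEN = 8, 10


def weak_password(seed32: int) -> str:
    """Model of the reported default: a single 32-bit seed drives every rand() call,
    so the output is a pure function of that seed. Python's Mersenne Twister is an
    assumption standing in for Perl's rand(); the weakness shown is structural."""
    assert 0 <= seed32 < 2**32, "seed must fit in 32 bits, as in the report"
    rng = random.Random(seed32)
    length = MIN_LEN + rng.randrange(MAX_LEN - MIN_LEN + 1)
    return "".join(ALPHABET[rng.randrange(len(ALPHABET))] for _ in range(length))


def weak_password_default() -> str:
    """How the default path seeds: 4 bytes from /dev/urandom, then one srand()."""
    seed32 = struct.unpack("<I", os.urandom(4))[0]
    return weak_password(seed32)


def strong_password() -> str:
    """Every choice comes straight from the OS CSPRNG; there is no seed to recover."""
    length = MIN_LEN + secrets.randbelow(MAX_LEN - MIN_LEN + 1)
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def effective_keyspace_bits(seed_bits: int, password_space: int) -> float:
    """An attacker only has to cover the smaller of the seed space and the
    nominal password space, which is why 2^32 bounds the default mode."""
    return min(float(seed_bits), math.log2(password_space))


def is_valid(password: str) -> bool:
    """Check a generated password against the default alphabet and length range."""
    return MIN_LEN <= len(password) <= MAX_LEN and all(c in ALPHABET for c in password)
```

Running `weak_password` twice with the same seed returns the same password, which is exactly the property that shrinks the space to 2^32 regardless of how large 62^8+62^9+62^10 is.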

-- System Information:
Debian Release: squeeze/sid
  APT prefers stable
  APT policy: (900, 'stable'), (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-xen-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages makepasswd depends on:
ii  libcrypt-passwdmd5-perl       1.3-9      interoperable MD5-based crypt() fo
ii  perl                          5.10.1-8   Larry Wall's Practical Extraction 

makepasswd recommends no packages.

makepasswd suggests no packages.

-- no debconf information