qtpass (1.1.6-1+deb9u1) stretch; urgency=medium
All passwords generated with QtPass' built-in password generator prior to
1.1.6-1+deb9u1 are possibly predictable and enumerable by hackers.
The generator used libc's random(), seeded with srand(msecs), where msecs is
not the msecs since 1970 (not that that'd be secure anyway), but rather the
msecs since the last second. This means there are only 1000 different
sequences of generated passwords.
.
NB: QtPass uses `pwgen` to generate passwords by default. This means, if you
didn't change the configuration to use the built-in password generator your
passwords are safe. If you used the built-in password generator, change all
passwords you generated with QtPass.
-- Philip Rinn <rinni@inventati.org> Sun, 07 Jan 2018 13:45:10 +0100
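
The seeding flaw described in this entry, shown next to a corrected generator. This is an added example, not QtPass code: the alphabet, the 16-character length and all function names are assumptions, and rand() stands in for the libc generator the entry mentions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Assumed alphabet and length; QtPass's real settings are not given in the entry. */
static const char CHARSET[] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
#define PW_LEN 16
#define NCHARS (sizeof CHARSET - 1)

/* Flawed pattern from the entry: the only entropy is a millisecond value 0..999. */
void weak_password(unsigned msecs, char out[PW_LEN + 1]) {
    srand(msecs);
    for (int i = 0; i < PW_LEN; i++)
        out[i] = CHARSET[rand() % NCHARS];
    out[PW_LEN] = '\0';
}

/* Count how many different passwords the flawed generator can ever emit. */
int count_distinct_weak(void) {
    static char seen[1000][PW_LEN + 1];
    int distinct = 0;
    for (unsigned ms = 0; ms < 1000; ms++) {
        char pw[PW_LEN + 1];
        int dup = 0;
        weak_password(ms, pw);
        for (int j = 0; j < distinct && !dup; j++) dup = strcmp(seen[j], pw) == 0;
        if (!dup) strcpy(seen[distinct++], pw);
    }
    return distinct;
}

/* Corrected pattern: kernel CSPRNG bytes, rejection-sampled to avoid modulo bias. */
int strong_password(char out[PW_LEN + 1]) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    const int limit = 256 - (256 % (int)NCHARS);  /* largest multiple of NCHARS <= 256 */
    for (int i = 0; i < PW_LEN; ) {
        int c = fgetc(f);
        if (c == EOF) { fclose(f); return -1; }
        if (c < limit) out[i++] = CHARSET[c % (int)NCHARS];
    }
    out[PW_LEN] = '\0';
    fclose(f); return 0;
}

int main(void) {
    char pw[PW_LEN + 1];
    printf("weak generator: %d distinct passwords in total\n", count_distinct_weak());
    if (strong_password(pw) == 0) printf("CSPRNG sample: %s\n", pw);
    return 0;
}
```

The first number printed is never more than 1000, whatever the password length or alphabet, which is why every password made with the built-in generator has to be replaced.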