The debian-private mailing list leak, part 1. Volunteers have complained about Blackmail. Lynchings. Character assassination. Defamation. Cyberbullying. Volunteers who gave many years of their lives are picked out at random for cruel social experiments. The former DPL's girlfriend Molly de Blanc is given volunteers to experiment on for her crazy talks. These volunteers never consented to be used like lab rats. We don't either. debian-private can no longer be a safe space for the cabal. Let these monsters have nowhere to hide. Volunteers are not disposable. We stand with the victims.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security of `dupload' and `pwgen'?



> Q1: Does `dupload' send the password across the Internet in the clear?

By default, but I thought there was a way to tell it to use scp
instead (when last I checked we weren't running ssh on master, but if
we are now, that would help...)  That way you get all the benefits of
dupload but have it use scp to do the work.  The man page only hints
at this, but looking at the code, setting method=>"scp" in your
dupload.conf should do the trick.  (I'll try it myself, as soon as the
X packages are built...)

> Q2: If I generate a password with `pwgen', couldn't someone run it in a 

If pwgen uses some good source of randomness (/dev/random or some of
the other tricks pgp uses are a good start) then in fact running it
again won't do an attacker any good...  probably doesn't hurt to
modify the pwgen output you use anyway, though :-)


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-private-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .