flaw in RH ``mkpasswd'' command

Hey, The mkpasswd password generator that ships in the expect'' package of at least RedHat 6.2 generates only a relatively small number 2^15 for the default password length of passwords. Presumably this is a result of trying to apply too many rules of what is a good'' password to the generation...

CVE-2001-1467

mkpasswd in expect 5.2.8, as used by Red Hat Linux 6.2 through 7.0, seeds its random number generator with its process ID, which limits the space of possible seeds and makes it easier for attackers to conduct brute force password attacks...