Write tool to determine if a pool password is weak or broken (when used a signing key).


Basically, does this file have an embedded NUL, or is one generated when our XOR is applied?


John (TJ) Knoeller
March 29, 2021, 6:49 PM


  1. line 176 in the output message, the word “changes” should be “change”

Todd L Miller
March 29, 2021, 4:21 PM

Assigning to TJ to do the second code review we wanted. Documentation still needs to be done.

Todd L Miller
March 29, 2021, 4:03 PM

Documentation must occur in the release notes and in the how-to-upgrade instructions.

We can do the man page later.

Todd L Miller
March 27, 2021, 9:02 PM

Code Review

  • Assumes we don’t need explicit packaging for Debian. We should verify that the tool is installed on both RPM and Debian before release.

  • One minor tweak I’d consider cleaning up (but is not a blocker) is the following case up, maybe with a suggestion about setting CONDOR_CONFIG or specifying a key on the command line:

  • The code is otherwise reasonable and specific tests are OK, although I didn’t verify that its and HTCondor’s implementation of the scramble agree in practice, code inspection seems to indicate that it does.

  • Will push the merge pending BaTLab results.

Brian Bockelman
March 27, 2021, 8:30 PM

Talking with we decided that we should provide this as part of 8.9.13 and provide an option to truncate the key files, making them backward compatible with older versions of HTCondor.

Time remaining



John (TJ) Knoeller