Re: Which password cipher ?

[Julio Merino <jmmv84%gmail.com@localhost>]

On 12/1/10 10:59 AM, Robert Elz wrote:
>      Date:        Wed, 1 Dec 2010 09:42:17 +0000
>      From:        Julio Merino<jmmv%NetBSD.org@localhost>
>      
> Message-ID:<AANLkTimY1WcUrXgdObPZzi_jv2ysKV+9esJ46s5CXn=e%mail.gmail.com@localhost>
>
>    | Which makes me wonder... why do we even *ask* people to choose a
>    | cypher algorithm during install?  Couldn't we, as the developers of
>    | the system, make a good choice for our users (and let them change it
>    | after installation if they so wish, just as they can with everything
>    | else)?  (It just feels stupid that we have a question in sysinst for
>    | something as trivial as this but we don't have a way to select, e.g.
>    | which services to enable.)
>
> It is (of course) because we really want sysinst to encourage setting a
> root password, and we need to know which cipher to use to set that one with,
> before it is set.   Nothing sysinst does inhibits in any way enabling
> the various services, but setting a root password with the "wrong" cipher
> would be annoying.
"Of course".  But really, who cares?  Why would you ever have to think 
about what cypher algorithm to use, *specially* during installation?  
And if you want to change it at all after install, you should know how 
to and, therefore, you should know what implications that has and how to 
deal with them.

Seriously: offering the user to set a root password is an obvious thing 
to do because we (the developers) can't choose one for the user.  But 
for the cypher algorithm?  We can, and we can certainly do better than 
just dump such a teeny-tiny question onto the user.  (It's the same as 
if sysinst offered you to change PS1 just because it should be "correct" 
on the first boot.)