Subject: Re: add rnd(4) to install floppy
To: Jun-ichiro itojun Hagino <>
From: Nathan J. Williams <>
List: tech-security
Date: 09/05/2003 11:43:54 (Jun-ichiro itojun Hagino) writes:

> 	well, then, we should probably put some code into sysinst that warns
> 	user like "password entries are created with weak random number, you
> 	will not want to configure root password during this installation
> 	session" for kernels without rnd(4).

This seems totally overwrought. All the random number is used for here
is generating a salt, whose goal is to make dictionary attacks on the
encrypted password difficult, right? I don't think that requires a
top-notch random-number generator.

        - Nathan