Subject: Re: add rnd(4) to install floppy
To: Jun-ichiro itojun Hagino <email@example.com>
From: Nathan J. Williams <firstname.lastname@example.org>
Date: 09/05/2003 11:43:54
email@example.com (Jun-ichiro itojun Hagino) writes:
> well, then, we should probably put some code into sysinst that warns
> user like "password entries are created with weak random number, you
> will not want to configure root password during this installation
> session" for kernels without rnd(4).
This seems totally overwrought. All the random number is used for here
is generating a salt, whose goal is to make dictionary attacks on the
encrypted password difficult, right? I don't think that requires a
top-notch random-number generator.