Subject: re: add rnd(4) to install floppy
To: Steven M. Bellovin <firstname.lastname@example.org>
From: matthew green <email@example.com>
Date: 09/06/2003 05:00:20
In message <firstname.lastname@example.org>, "Nathan J. Willia
>email@example.com (Jun-ichiro itojun Hagino) writes:
>> well, then, we should probably put some code into sysinst that warns
>> user like "password entries are created with weak random number, you
>> will not want to configure root password during this installation
>> session" for kernels without rnd(4).
>This seems totally overwrought. All the random number is used for here
>is generating a salt, whose goal is to make dictionary attacks on the
>encrypted password difficult, right? I don't think that requires a
>top-notch random-number generator.
I was about to post the same observation. (The situation will be
different if, as itojun suggests, sysinst generates ssh keys, but
perhaps that should be done at first boot?)
which is currently how things stand, isn't it?