Subject: re: add rnd(4) to install floppy
To: Steven M. Bellovin <>
From: matthew green <>
List: tech-security
Date: 09/06/2003 05:00:20
   In message <>, "Nathan J. Willia
   ms" writes:
   > (Jun-ichiro itojun Hagino) writes:
   >> 	well, then, we should probably put some code into sysinst that warns
   >> 	user like "password entries are created with weak random number, you
   >> 	will not want to configure root password during this installation
   >> 	session" for kernels without rnd(4).
   >This seems totally overwrought. All the random number is used for here
   >is generating a salt, whose goal is to make dictionary attacks on the
   >encrypted password difficult, right? I don't think that requires a
   >top-notch random-number generator.
   I was about to post the same observation.  (The situation will be 
   different if, as itojun suggests, sysinst generates ssh keys, but 
   perhaps that should be done at first boot?)

which is currently how things stand, isn't it?