Source: installation-guide
Severity: normal

Dear Maintainer,

in appendix B.4 (http://d-i.debian.org/manual/en.i386/apbs04.html) of
the installation guide the user is advised to generate an encrypted
password using the command

        printf "r00tme" | mkpasswd -s -m md5

This is severely flawed in two ways:

1. It leaves the password in the shell's history file as clear text.
2. It still uses MD5 instead of SHA512.

Better use a simple

        mkpasswd -m sha-512

It's also not clear that the user needs to install the "whois" package
to get the mkpasswd command.

Bye...

        Dirk
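
A check that follows from the two points in the report above (added example, not part of the original message or of the installation guide): a POSIX shell audit that reads a preseed file and flags password lines holding clear text or an MD5-crypt (`$1$`) hash. The debian-installer key names `passwd/*-password` and `passwd/*-password-crypted` are assumed as the lines to inspect; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Classify a crypt(3) string by its scheme prefix.
classify_hash() {
    case "$1" in
        '$6$'*) echo sha512 ;;
        '$5$'*) echo sha256 ;;
        '$1$'*) echo md5 ;;
        *)      echo unknown ;;
    esac
}

# Read preseed text on stdin and print one finding per password line.
# Preseed lines have the form: <owner> <key> <type> <value>
audit_preseed() {
    while read -r owner key type value; do
        case "$owner" in
            '#'*) continue ;;          # commented-out line, not applied
        esac
        case "$key" in
            passwd/*-password-crypted)
                scheme=$(classify_hash "$value")
                case "$scheme" in
                    sha512|sha256) echo "OK $key $scheme" ;;
                    *)             echo "WEAK $key $scheme" ;;
                esac ;;
            passwd/*-password|passwd/*-password-again)
                # The password itself is stored in the file.
                echo "CLEARTEXT $key" ;;
        esac
    done
}

# Constructed sample; the hash strings are placeholders, not real hashes.
sample_preseed() {
    cat <<'EOF'
# constructed sample preseed fragment
d-i passwd/root-password-crypted password $1$CONSTRUCTED$notARealHash
d-i passwd/user-password-crypted password $6$CONSTRUCTED$notARealHash
d-i passwd/user-password password insecure
#d-i passwd/root-password password r00tme
EOF
}

sample_preseed | audit_preseed
```

To audit a real file, feed it on stdin: `audit_preseed < preseed.cfg`.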

