-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Am Mo den 10. Apr 2017 um 22:09 schrieb Alessandro Selli: > You still should use sudo, with a password - the user's own password. > Using root password many times, every day, is bad for security (the more > times you type it the higher the chances are it will be captured)
That is a common misunderstanding. If you have (like many people) have your account allowed to do everything with sudo, than it doesn't matter if you have to type the root password or your own. If a attacker can get hand on one of that two, he can use it. Moreover, it raises the attack vector from one password to two. That stupid use of sudo (That was initialize introduced by ubuntu) should have an end. Another think is if (or not) you should allow login as root via password at all. Regards Klaus - -- Klaus Ethgen http://www.ethgen.ch/ pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen <[email protected]> Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C -----BEGIN PGP SIGNATURE----- Comment: Charset: ISO-8859-1 iQGzBAEBCgAdFiEEMWF28vh4/UMJJLQEpnwKsYAZ9qwFAljsdA8ACgkQpnwKsYAZ 9qw9eQwAoVxp91qFTzDq0AEGXs4IJqnpPu/rJ5jbkcyOCCRnBJB/Lrr/CyBB6HcF xvVwHy2ReprGpUEOhnPQxPujtL0JLFzw0wrs2W8m29R/NudgI26j4Yu3FVtOYacc kvNofJfp6o8gRvgE8ontlNY8VheKLy9d8G/tub1SyiYg9vqZ7uizCee0UWD1wB+n T7U3ZX1Do6mPim1no03SrfQ25dHSRND3JaRYfg2wgV+ACaVtKOfkaTtMLCV6O8xJ L/3jMBvAxgRrxl11zEQyeKsRUkbgVvt14VRPW/f8p7NqDJRRPffU0+2xN5yrltRi z4n47ynBWdsIJIFdJ5nq4UQdsq3F8kT/PBL9gNw5DjO8EZY921EIiALF3NC88K4C QjATaCWggznidyz4Pm1bJ13474uo9htX42UBngTgi0ESFdNNtXCUiDC9+ApyQTlp AM9odcsdrLY/FGNj2c99TI2Cb77OXzeACBRToIfhIGCiydoSnA873yggIR/WRD/5 P1xeWINK =KNz/ -----END PGP SIGNATURE----- _______________________________________________ Dng mailing list [email protected] https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
