On 2016-02-20, [email protected] <[email protected]> wrote: > Wow, that's new to me. Thanks. > Anyway, I still think that this "password rescue" should not be allowed by > default.
> Also, the page 14.21 from faq say "I forgot my passphrase! Sorry. This is > real encryption, there's > not a back door or magic unlocking tool." why exactly the root should be > different? If one lost his > passphrase, it's his fault. I thought the philosophy was "secure by default", > even if this make the > "computer difficult to manage properly". Requiring the root password to enter single-user mode would only *reduce* security, by making people feel safer than they are. It's an easy task to boot an install kernel (bsd.rd) or another OS or, if you have physical access to the machine, move the disk to another machine, and access the disk from there. If you don't want people to access the files, encrypt them. Anything else is smoke and mirrors.
