Sat, 20 Feb 2016 11:52:32 +0100 [email protected] > Wow, that's new to me. Thanks.
Yep, the FAQ is pretty new and shiny. FAQ8 general questions. FAQ10 system management. A must read for half the questions you may have in general use. The entire FAQ is the first thing to query before the mailing list. If you are unsure about a man page, check the FAQ and search online. OpenBSDĀ Resources section on the main page is listing the items in order for a specific reason. > Anyway, I still think that this "password rescue" should not be > allowed by default. You'll get flak for this, it is not what you think, it is what's right for the majority of users on the system. Nobody wants to be bothered for workaround, and most people manage quite more than the number of machines you run at home occasionally OpenBSD. > I know operating systems can do very little to prevent physical > problems like side-channel attacks, but this is not the case, and > this does not mean that the OS should not make it harder the attacks > even if someone have physical access. There's systems, from what I > remember (HP servers, I think), that allow remote control based on > firmware. One could use this escape "feature" to get your root, > without physical access. Same for hosts services. If you think this has not been talked and repeated yet... read this message again. > Also, the page 14.21 from faq say "I forgot my passphrase! Sorry. > This is real encryption, there's not a back door or magic unlocking > tool." why exactly the root should be different? The word encryption makes it not equivalent to single user. Consistency should be sought where applicable only, not as a magic wand regular expression. > If one lost his passphrase, it's his fault. I thought the philosophy > was "secure by default", even if this make the "computer difficult to > manage properly". You're not making much sense but if you want to continue, don't say it's somebody shouting at you later. Read the FAQ again and ponder why it is so, and not how it should be according to your single use case.
