Bug#775718: installation-guide: Appendix B.4: Several security flaws
Control: tags -1 pending Dirk Heinrichs, le Mon 19 Jan 2015 09:18:19 +0100, a écrit : > 1. It leaves the password in the shells history file as clear text. > 2. It still uses MD5 instead of SHA512. Thanks for the report, this is now fixed. Samuel -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#775718: installation-guide: Appendix B.4: Several security flaws
Source: installation-guide Severity: normal Dear Maintainer, in appendix B.4 (http://d-i.debian.org/manual/en.i386/apbs04.html) of the installation guide the user is advised to generate an encrypted password using the command printf "r00tme" | mkpasswd -s -m md5 This is severely flawed in two ways: 1. It leaves the password in the shells history file as clear text. 2. It still uses MD5 instead of SHA512. Better use a simple mkpasswd -m sha-512 It's also not clear that the user needs to install the "whois" package to get the mkpasswd command. Bye... Dirk -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org