Re: [patch] upon install of new operating system version, do not set root password to empty string

[Rodrigo Mosconi]

2017-11-28 21:59 GMT-02:00 Ian Sutton :

> This is a highly theoretical and experimental mitigation which stops the
> root password on newly upgraded/installed systems from being an empty
> string. The thinking is that by not shipping an operating system with a
> known root password, certain classes of attacks involving logging into
> the root account might be avoided. I would like some feedback from the
> cryptography team as well as NIST finalists in order to better ascertain
> the implications of this behaviour.
>


I could install a system with empty root password, but with a ssh key

Willing to help

[Rodrigo Mosconi]

Hi OpenBSD developers,

First of all: Thanks by the project.


I would like to receive some help/mentoring. I`m cursing a master degree
course at PUC-Rio, and I need to "create a useful program that performs a
service of interest to anyone other than exsively the student." So I would
like to create something to the openbsd project.

I would like to know in which areas need some work?  I have partial time to
work on it and only this half year to do it.  Some of the old google summer
of code is still need?  There are some need to a new daemon, or replace an
old one, aligned with the openbsd style ( configuration files, privsep,
plegde)?

Thanks for any help,

Mosconi