On Tue, Mar 16, 1999 at 10:52:27AM -0500, Perry E. Metzger wrote:
> 
> woods@most.weird.com (Greg A. Woods) writes:
> > The old "toor" *is* a duplicate root account and instantly makes it
> > twice as easy (statistically speaking) to guess a uid==0 password.
> 
> toor typically had no password.

Um, you should really check your facts before you go spewing nonsense
like this.

I'm looking at src/etc/master.passwd from _before_ the recent change.
"root" has no password.  "toor" has a * in the encrypted passwd field.

Which, if you're going to have a "toor" account, seems to me is how it
should be.  If the user wants to turn it on, let him -- but make it
useless unless/until he does.

Frankly, I don't care about "toor" going away.  But it'd be nice to be
able to discuss it on a _factual_ basis.

-- 
Thor Lancelot Simon	                                      tls@rek.tjls.com
	"And where do all these highways go, now that we are free?"