Re: Which password cipher ?

[David Young <dyoung%pobox.com@localhost>]

On Wed, Dec 01, 2010 at 09:42:17AM +0000, Julio Merino wrote:
> Which makes me wonder... why do we even *ask* people to choose a
> cypher algorithm during install?  Couldn't we, as the developers of
> the system, make a good choice for our users (and let them change it
> after installation if they so wish, just as they can with everything
> else)?  (It just feels stupid that we have a question in sysinst for
> something as trivial as this but we don't have a way to select, e.g.
> which services to enable.)

Good point.  I'm stumped by the question every time.  Usually I think,
"I vaguely remember headlines about deficiencies of MD5 and of SHA1, so
I vaguely distrust them; DES has shortcomings that I cannot remember;
and for better or for worse, MD5 seems to be used everywhere."  Then I
make an arbitrary choice!

On Wed, Dec 01, 2010 at 11:14:05AM +0000, Julio Merino wrote:
> Seriously: offering the user to set a root password is an obvious
> thing to do because we (the developers) can't choose one for the
> user.

Hmm, I don't know.  If there's a good entropy source on the system,
sysinst can probably generate a better password than most users will
pick themselves. :-)

Dave

-- 
David Young             OJC Technologies
dyoung%ojctech.com@localhost      Urbana, IL * (217) 278-3933