-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Stephan Kulow schrieb: | Am Sonntag, 27. April 2008 schrieb Vahis: | | Not sure what you're talking about, but the reason is simple: it's easier | for the average user to remember _one_ cryptographically strong password | than two. So what we've seen is that people take either one very weak password | for either root or user (both being bad with us having ssh on by default - | which the majority of this list refused to change) or used the same password | for both. | | And we want to strengthen the message: the better way is to have one _GOOD_ | password in the average case openSUSE is installed - on people's home | machines. I disagree. Having two passwords is highly sensefull. Once a machine is set up and software installed you basically never really need the root password any more, as updating can be done passwordless using suid or sudo. Those users only using one password are also likely to use very weak passwords (as strong passwords are "hard" to use). | | If you see a good reason to force the average home user to remember two | passwords let me know. I don't know of any. As stated, a user does not need the root password frequently after lets say two weeks after having installed the box. Even I don't. Maybe it would be a good idea instead to integrate a password generator into the installer, which proposes a root password to the user. Of course, like in truecrypt, the user would really be made to either write it down or to choose one password himself. This is still less annoying than disregarding the "password is to weak" and the "password is in list" boxes which no one seems to read. | | Greetings, Stephan Cheers Felix | --------------------------------------------------------------------- | To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org | For additional commands, e-mail: opensuse-factory+help@opensuse.org | | | -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFIFE6maQ44ga2xxAoRAkDvAKCS+9IsCh9zzBNyZk+DJSqcVqXEswCcCPMI Psq8BBtHAN7jiRxkh5bOil4= =yRXa -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org