Il giorno ven, 21/03/2008 alle 14.03 +0100, Oliver Neukum ha scritto:
Am Mittwoch, 27. Februar 2008 20:37:21 schrieb Alberto Passalacqua:
About the "Use the same password for root", I think it's plain wrong. Using the same password for root and the user reduces security.
Does it? If we don't offer it, people can do it anyway. But if they do it anyway, we give an attacker a cryptographical advantage by encrypting the same password twice.
You assume that the attacker know we are using the same password. Anyway, until that option is _unselected_by_default, as in alpha 3, it's not a concern for me. I just hope it will stay that way, because, according to rumours on IRC, it's supposed to be selected by default. If someone explicitly selects that, it's his fault. With kind regards, Alberto --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org