Oliver Neukum wrote:
Am Freitag, 21. März 2008 14:45:14 schrieb Alberto Passalacqua:
Does it? If we don't offer it, people can do it anyway. But if they do it anyway, we give an attacker a cryptographical advantage by encrypting the same password twice. You assume that the attacker know we are using the same password.
He might just try an attack on that assumption.
Regards Oliver
A very reasonable assumption at that. There was no real need for them being the same, save expediency that seems to be based on the assumption that the "average" user will get horribly confused with having 2 passwords with one operating system, yet I see multiple accounts and administrator on XP boxes. There was also a time when we decried Windows on that very same score as some are advocating a-la Ubuntu. Unix systems have always separated user and root, if Windows advocated the same there would be no complaints, everyone would be happy. My advice - Linux is not Windows and openSUSE/Solaris/Fedora/AIX/Slackware etc. are not Ubuntu, let Ubuntu do it their way (which will alarm any security conscious shop) - get used to the way the others do it or stick with Ubuntu and offshoots as their is no justification for openSUSE mimicking Ubuntu, which IMNSHO, is out of step and wrong. When reading the Ubuntu hype, the slick and original breakthrough with "Unbreakable X?", it's something Mandrake had been doing for years and silently, just that Ubuntu's fanfare was loudest in proclaiming and claiming it as something new, it certainly got wide coverage. Not trying to put Ubuntu down, I have 2 8.04 Beta VM's running under openSuSE 11.0 Alpha3 here, plus one laptop running 7.04, apart from the funny password handshake, they are as usable as openSuSE/Mandriva/Fedora and the others, all behind a smoothwall firewall box. Whenever I set up a box for a newbie, I always use openSuSE and I've not had any complaints even from one 80+ year old and one 68+ year old to whom I've, simply and one time only, explained root and user, so whenever KDE asks for root password, they know what to do. Ubuntu was the one that had me flummoxed at first, especially with stuff like ssh into Ubuntu from boxes on my network, where root wouldn't work. Regards Sid. -- Sid Boyce ... Hamradio License G3VBV, Licensed Private Pilot Emeritus IBM/Amdahl Mainframes and Sun/Fujitsu Servers Tech Support Specialist, Cricket Coach Microsoft Windows Free Zone - Linux used for all Computing Tasks --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org