
Re: How I installed Sarge using netinst CD



[Dale Amon]
> I've long wondered why MD5 isn't the default. The old style Unix
> passwords were crackable 5 years ago and certainly this has not
> gotten harder! I'd think the weak password algorithm should be a
> conscious choice for insecurity rather than the default.
> 
> How many newbies are going to know why they should say
> yes to MD5?

This problem was solved in a recent upload of the shadow package:

  shadow (1:4.0.3-9) unstable; urgency=low
  [...]
     * And last, but not least, what's undoubtedly going to be the
       most popular change: md5 passwords are turned on by default,
       and there is no prompt to change them.  Yes, this is reduced
       functionality.  No, it can't go back in the way it was; the old
       code not only modified conffiles, it modified *other*packages*
       conffiles and was a massive policy violation.  I expect this
       change will motivate the people who have said that they will
       come up with a proper solution to do so.  closes: #186016,
       #110228, #171808
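
Added example, not part of the original message or of the shadow package: turning MD5 on by default only affects passwords set afterwards, so existing entries keep their old crypt(3) hash until the password is changed. The sketch below classifies the password field of shadow(5) lines and reports accounts still on the old-style scheme; the function names and the sample entries (constructed, not real hashes) are assumptions.

```python
import re

# Old-style DES crypt(3) output: exactly 13 characters from the crypt alphabet.
DES_RE = re.compile(r"[./0-9A-Za-z]{13}")

def classify_hash(field):
    """Return the scheme of a shadow(5) password field."""
    if field == "":
        return "empty"              # no password required at all
    body = field.lstrip("!")        # leading '!' marks a locked password
    if body in ("", "*"):
        return "no-login"           # no valid hash, password login impossible
    if body.startswith("$1$"):
        return "md5"                # MD5-based crypt
    if body.startswith("$"):
        return "other-modular"      # some other $id$ scheme
    if DES_RE.fullmatch(body):
        return "des"                # old-style Unix password hash
    return "unknown"

def audit_shadow(text):
    """List (user, scheme, locked) for entries with an old-style or empty password."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 2:
            continue                # malformed entry, nothing to classify
        user, field = parts[0], parts[1]
        scheme = classify_hash(field)
        if scheme in ("des", "empty"):
            findings.append((user, scheme, field.startswith("!")))
    return findings

# Constructed sample entries; the hash strings are placeholders of the right shape.
SAMPLE = """\
root:$1$Cnstrctd$AAAAAAAAAAAAAAAAAAAAAA:12345:0:99999:7:::
alice:abCONSTRUCTED:12345:0:99999:7:::
bob::12345:0:99999:7:::
daemon:*:12345:0:99999:7:::
carol:!abCONSTRUCTED:12345:0:99999:7:::
"""

if __name__ == "__main__":
    for user, scheme, locked in audit_shadow(SAMPLE):
        print(f"{user}: {scheme}{' (locked)' if locked else ''}")
```

Accounts it reports move to the new default the next time their password is set with passwd.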


