Bug#775718: installation-guide: Appendix B.4: Several security flaws
Source: installation-guide
Severity: normal
Dear Maintainer,
in appendix B.4 (http://d-i.debian.org/manual/en.i386/apbs04.html) of
the installation guide the user is advised to generate an encrypted
password using the command
    printf "r00tme" | mkpasswd -s -m md5
This is severely flawed in two ways:
1. It leaves the password in the shell's history file as clear text.
2. It still uses MD5 instead of SHA512.
Better use a simple
    mkpasswd -m sha-512
It's also not clear that the user needs to install the "whois" package
to get the mkpasswd command.
Bye...
Dirk
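
Added example, not part of the original report or of the installation guide: a shell check that scans a preseed file for MD5-crypt password hashes (point 2 of the report) and, going slightly beyond the report, for password lines stored without hashing. The function names are hypothetical, and the sample file and its hashes are constructed placeholders.

```sh
#!/bin/sh
# Added example: audit a preseed file for weak password settings.

# Map a crypt(3) hash to its scheme using the "$id$" prefix.
classify_crypt() {
    case "$1" in
        '$1$'*) echo md5 ;;
        '$6$'*) echo sha512 ;;
        *)      echo other ;;
    esac
}

# Print "key scheme verdict" per password line; return 1 if any is WEAK.
audit_preseed() {
    weak=0
    while read -r owner key kind value; do
        case "$owner" in ''|'#'*) continue ;; esac   # skip blanks, comments
        case "$key" in
            passwd/*-password-crypted)
                scheme=$(classify_crypt "$value")
                case "$scheme" in
                    sha512) verdict=ok ;;
                    md5)    verdict=WEAK; weak=1 ;;
                    *)      verdict=review ;;
                esac
                echo "$key $scheme $verdict" ;;
            passwd/*-password|passwd/*-password-again)
                # password stored unhashed in the preseed file itself
                echo "$key cleartext WEAK"; weak=1 ;;
        esac
    done < "$1"
    return "$weak"
}

# Constructed sample input; the hashes are placeholders, not real hashes.
write_sample() {
    cat > "$1" <<'EOF'
# constructed preseed fragment
d-i passwd/root-password-crypted password $1$CONSTRUCTED$PLACEHOLDERmd5
d-i passwd/user-password-crypted password $6$CONSTRUCTED$PLACEHOLDERsha512
d-i passwd/user-password password insecure
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_preseed "$sample" || echo "weak password settings found"
rm -f "$sample"
```

Running `mkpasswd -m sha-512` with no password argument prompts for the password, so the replacement hash can be produced without the password appearing on the command line.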