Bug#775718: installation-guide: Appendix B.4: Several security flaws

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#775718: installation-guide: Appendix B.4: Several security flaws
From: Dirk Heinrichs <dirk.heinrichs@altum.de>
Date: Mon, 19 Jan 2015 09:18:19 +0100
Message-id: <[🔎] 20150119081819.16830.40328.reportbug@rohan.altum.de>
Reply-to: Dirk Heinrichs <dirk.heinrichs@altum.de>, 775718@bugs.debian.org

Source: installation-guide
Severity: normal

Dear Maintainer,

in appendix B.4 (http://d-i.debian.org/manual/en.i386/apbs04.html) of
the installation guide the user is advised to generate an encrypted
password using the command

	printf "r00tme" | mkpasswd -s -m md5

This is severely flawed in two ways:

1. It leaves the password in the shells history file as clear text.
2. It still uses MD5 instead of SHA512.

Better use a simple

	mkpasswd -m sha-512

It's also not clear that the user needs to install the "whois" package
to get the mkpasswd command.

Bye...

	Dirk

Reply to:

Follow-Ups:
- Processed: Re: Bug#775718: installation-guide: Appendix B.4: Several security flaws
  - From: owner@bugs.debian.org (Debian Bug Tracking System)
- Bug#775718: installation-guide: Appendix B.4: Several security flaws
  - From: Samuel Thibault <sthibault@debian.org>

Prev by Date: Processed: tagging 775683
Next by Date: Processed: Re: Bug#775718: installation-guide: Appendix B.4: Several security flaws
Previous by thread: Processed: tagging 775683
Next by thread: Processed: Re: Bug#775718: installation-guide: Appendix B.4: Several security flaws
Index(es):
- Date
- Thread