Bug#854653: encourage users to generate strong passwords
Package: debian-installer
Severity: wishlist
After reflecting for a few days about password generation and writing
an [article][1] about it, I was told the debian-installer may be a good
place to encourage people to set strong passwords. In the d-i, we set
one or three critically important passwords: the main user account
and, optionnally, the root account and crypto passphrase. The latter
password seems especially important to be cryptographically secure.
[1]: https://lwn.net/SubscriberLink/713806/f43f8fca9c10099a/
As things stand, the user is left on his own: there are little
instructions on how to choose a proper password, what to do with it,
how to not forget it...
I would recommend actually generating the password for the user, using
a random sample of words from a word list. This can be done with the
diceware or xkcdpass software, or it could be implemented from scratch
if we do not want the extra dependency.
If entropy is an issue, we can tell the user to enter the results from
actual dice rolls. But after reviewing a [CCC talk about entropy in
the kernel][2], I am actually quite confident that the kernel RNG, in
modern Linux installs, is sufficiently initialized for cryptographic
use.
[2]: https://media.ccc.de/v/32c3-7441-the_plain_simple_reality_of_entropy)
I understand this is a significant change, but I didn't want that idea
to get lost anywhere. I believe that randomly-generated yet memorable
passphrases could significantly improve the security of Debian
installs.
Thank you for your consideration.
A.
-- System Information:
Debian Release: 9.0
APT prefers testing
APT policy: (500, 'testing'), (1, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
Reply to: