Re: Security trough paranoia
-----BEGIN PGP SIGNED MESSAGE-----
On Fri, 30 Mar 2001, Dimitri Maziuk wrote:
> > * PAM must come with md5 hash enabled by default.
> No. Think heterogeneous networks.
Apologies if I've missed something glaringly obvious, but how does having a
heterogeneous network cause problems when using md5 passwords on a Debian box?
Since the use of md5 primarily affects updates made to the local
password/shadow file, the only scenarios where this even becomes a problem are
when using NIS, or when distributing copies of the same password/shadow file
to various machines. The first scenario could be detected programmatically
and addressed; the second doesn't strike me as sufficient justification for
continuing to inflict pathetically weak password encryption on everyone
else by default. Those people that really need ancient crypt for their
passwords can override the default as easily as those of us who want security
are currently required to do.
Which default is really going to better the Debian community as a whole?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.0 (GNU/Linux)
Comment: For info see http://www.gnupg.org
-----END PGP SIGNATURE-----