
Re: Security trough paranoia




Hi Dimitri,

On Fri, 30 Mar 2001, Dimitri Maziuk wrote:

> > 	* PAM must come with md5 hash enabled by default.

> No. Think heterogeneous networks.

Apologies if I've missed something glaringly obvious, but how does having a
heterogeneous network cause problems when using md5 passwords on a Debian box?
Since the use of md5 primarily affects updates made to the local
password/shadow file, the only scenarios where this even becomes a problem are
when using NIS, or when distributing copies of the same password/shadow file
to various machines.  The first scenario could be detected programmatically
and addressed; the second doesn't strike me as sufficient justification for
continuing to inflict pathetically weak password encryption on everyone
else by default.  Those people that really need ancient crypt for their
passwords can override the default as easily as those of us who want security
are currently required to do.

Which default is really going to better the Debian community as a whole?

Steve Langasek
postmodern programmer

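The message says the NIS case "could be detected programmatically". The following is an added example, not part of the original message or of any Debian package: it classifies the password scheme of each shadow entry and reports whether nsswitch.conf lists NIS for passwd/shadow. The sample file contents are constructed, and the function names are hypothetical; it assumes MD5 crypt strings start with `$1$` and traditional crypt strings are 13 characters from `[./0-9A-Za-z]`.

```python
import re

# Constructed sample inputs (not taken from any real system).
SAMPLE_SHADOW = """\
root:$1$Ab3dEf9h$uVwXyZ0123456789abcdE/:11411:0:99999:7:::
alice:abJnggxhB/yWI:11411:0:99999:7:::
daemon:*:11411:0:99999:7:::
bob:!$1$Qr5tUv7w$0123456789abcdefghijk.:11411:0:99999:7:::
"""
SAMPLE_NSSWITCH = """\
# /etc/nsswitch.conf
passwd:  files nis
group:   files
shadow:  files
"""

DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")  # traditional crypt(3) output

def classify_hash(field):
    """Name the scheme of one shadow password field."""
    h = field.lstrip("!")          # leading '!' marks a locked password
    if h in ("", "*"):
        return "none"              # no usable password set
    if h.startswith("$1$"):
        return "md5"
    if DES_RE.match(h):
        return "des"
    return "other"

def audit_shadow(text):
    """Map each user in shadow-format text to its password scheme."""
    result = {}
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) >= 2:
            result[parts[0]] = classify_hash(parts[1])
    return result

def nis_databases(nsswitch_text):
    """Return which of passwd/shadow list nis or nisplus as a source."""
    found = []
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        if ":" not in line:
            continue
        db, sources = (s.strip() for s in line.split(":", 1))
        if db in ("passwd", "shadow") and {"nis", "nisplus"} & set(sources.split()):
            found.append(db)
    return found

if __name__ == "__main__":
    print("schemes:", audit_shadow(SAMPLE_SHADOW))
    print("NIS in use for:", nis_databases(SAMPLE_NSSWITCH) or "nothing")
```

On a real host, the same functions can be pointed at the contents of `/etc/shadow` (root only) and `/etc/nsswitch.conf`; an empty NIS result plus remaining `des` entries means those accounts only need a password change after MD5 is enabled.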

