[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] password command implementation
From: |
Jordi Mallach |
Subject: |
Re: [PATCH] password command implementation |
Date: |
Tue, 7 Aug 2007 14:45:50 +0200 |
User-agent: |
Mutt/1.5.16 (2007-06-11) |
On Tue, Aug 07, 2007 at 02:17:16PM +0200, Julien Ranc wrote:
> - plain text passwords are indeed very insecure, but I kept them, as it was
> possible in Grub legacy. Should I remove them ?
I think there's plenty of people who will have use for plain, insecure
passwords.
The first security problem of having access to the grub menu is that in
a lot of cases, it is equal to having access to the hardware. That blows
up pretty much all of your security measures, if you're not using
encrypted filesystems or whatever.
Plain password is easy to beat, but at least it adds a minimal layer of
"annoyance" for anyone wanting to boot what they aren't supposed to
boot.
--
Jordi Mallach PĂ©rez -- Debian developer http://www.debian.org/
address@hidden address@hidden http://www.sindominio.net/
GnuPG public key information available at http://oskuro.net/