Re: [PATCH] offers users MD5, SHA-256, or SHA-512

On Tue, 19 Feb 2008 16:59:41 -0600 (CST)
Jeff Bastian <jbastian@xxxxxxxxxx> wrote:

> On Tue, 19 Feb 2008, David Cantrell wrote:
> > People ask for this stuff, I work on it, and then it's shot down by someone.  I'll remove the UI components.
> 
> 
> I think you should keep it.  I agree with your argument that it exposes 
> some of the security options available in Fedora that most people might 
> never even know exist.  I know I've learned a lot about things by seeing 
> an option in a GUI or a config file option and then reading about it to 
> understand what it does.  I've often gone with something other than the 
> default, too.

Presenting the option to the user during installation will cause confusion.  I played around with adding descriptions such as:

	Probably secure (MD5)
	Better security (SHA-256)
	Best security we can do (SHA-512)

But that doesn't help if we add other algorithms.  Also, how am I supposed to know that SHA-512 is better than MD5?  It certainly generates a longer password.  And a choice like this in the installer could cause users to think that it's for all system security, which isn't accurate.  Also, we have the firstboot security stuff, so they would be even more confused.  Putting the choice on the root password screen was an all-around bad idea.

I want to leave the functionality for kickstart.  That's requested by RHEL customers, so we should keep that.  And Seth mentioned that covers the choice aspect.  If a UI feature is to give users a choice of the password algorithm, it should probably go in s-c-securitylevel or some similar tool.  Or not.  But yeah, it's looking weird in anaconda.

I am going to change the default that we're using in anaconda to SHA-512.  If anyone doesn't want that, scream now or when I send the new patchpile to the list.

New patches to the list soon.

(/me is grumpy about having to see the doctor today)

-- 
David Cantrell <dcantrell@xxxxxxxxxx>
Red Hat / Honolulu, HI

_______________________________________________
Anaconda-devel-list mailing list
Anaconda-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/anaconda-devel-list
