On Tue, Aug 07, 2007 at 02:17:16PM +0200, Julien Ranc wrote: > - plain text passwords are indeed very insecure, but I kept them, as it was > possible in Grub legacy. Should I remove them ?
I think there's plenty of people who will have use for plain, insecure passwords. The first security problem of having access to the grub menu is that in a lot of cases, it is equal to having access to the hardware. That blows up pretty much all of your security measures, if you're not using encrypted filesystems or whatever. Plain password is easy to beat, but at least it adds a minimal layer of "annoyance" for anyone wanting to boot what they aren't supposed to boot. -- Jordi Mallach PĂ©rez -- Debian developer http://www.debian.org/ [EMAIL PROTECTED] [EMAIL PROTECTED] http://www.sindominio.net/ GnuPG public key information available at http://oskuro.net/ _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org http://lists.gnu.org/mailman/listinfo/grub-devel
