Re: [PATCH] password command implementation

grub-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] password command implementation

From:	Jordi Mallach
Subject:	Re: [PATCH] password command implementation
Date:	Tue, 7 Aug 2007 14:45:50 +0200
User-agent:	Mutt/1.5.16 (2007-06-11)

On Tue, Aug 07, 2007 at 02:17:16PM +0200, Julien Ranc wrote:
>  - plain text passwords are indeed very insecure, but I kept them, as it was
> possible in Grub legacy. Should I remove them ?

I think there's plenty of people who will have use for plain, insecure
passwords.

The first security problem of having access to the grub menu is that in
a lot of cases, it is equal to having access to the hardware. That blows
up pretty much all of your security measures, if you're not using
encrypted filesystems or whatever.

Plain password is easy to beat, but at least it adds a minimal layer of
"annoyance" for anyone wanting to boot what they aren't supposed to
boot.

-- 
Jordi Mallach Pérez  --  Debian developer     http://www.debian.org/
address@hidden     address@hidden     http://www.sindominio.net/
GnuPG public key information available at http://oskuro.net/

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH] password command implementation, Julien RANC, 2007/08/05
- Re: [PATCH] password command implementation, Marco Gerards, 2007/08/07
  - Re: [PATCH] password command implementation, Julien Ranc, 2007/08/07
    - Re: [PATCH] password command implementation, Jordi Mallach <=
    - Re: [PATCH] password command implementation, Marco Gerards, 2007/08/08
    - Re: [PATCH] password command implementation, Yoshinori K. Okuji, 2007/08/07

Prev by Date: Re: [PATCH] password command implementation
Next by Date: Re: [PATCH] password command implementation
Previous by thread: Re: [PATCH] password command implementation
Next by thread: Re: [PATCH] password command implementation
Index(es):
- Date
- Thread