[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] password command implementation

From: Jordi Mallach
Subject: Re: [PATCH] password command implementation
Date: Tue, 7 Aug 2007 14:45:50 +0200
User-agent: Mutt/1.5.16 (2007-06-11)

On Tue, Aug 07, 2007 at 02:17:16PM +0200, Julien Ranc wrote:
>  - plain text passwords are indeed very insecure, but I kept them, as it was
> possible in Grub legacy. Should I remove them ?

I think there's plenty of people who will have use for plain, insecure

The first security problem of having access to the grub menu is that in
a lot of cases, it is equal to having access to the hardware. That blows
up pretty much all of your security measures, if you're not using
encrypted filesystems or whatever.

Plain password is easy to beat, but at least it adds a minimal layer of
"annoyance" for anyone wanting to boot what they aren't supposed to

Jordi Mallach PĂ©rez  --  Debian developer
address@hidden     address@hidden
GnuPG public key information available at

reply via email to

[Prev in Thread] Current Thread [Next in Thread]