This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
raspberrypi:rpi4_bullsey [2022/06/19 15:54] Ilias Iliopoulos |
raspberrypi:rpi4_bullsey [2024/02/02 21:51] (current) Ilias Iliopoulos |
||
---|---|---|---|
Line 14: | Line 14: | ||
</code> | </code> | ||
- | You can replace the name of the user from **newuser** to whatever you like. | + | You can replace the name of the user from **newuser** to whatever you like. The **:** is the separator of the user name and the password. |
Now, remote login as usual: | Now, remote login as usual: | ||
Line 24: | Line 24: | ||
</code> | </code> | ||
- | The password of the user is **raspberry**. Please remember to change it after your first login. | + | The password is **raspberry** and the long string above is the sha512 hashed form. Please remember to change the password after your first login. |
Does this posting create a security gap by publishing the encrypted form of the **raspberry** text? No, because the hash creation algorithm **openssl passwd -6** is using a random seed, if run without the `-seed` option, therefore there is an enormous amount of hashed encoded forms that will respond positively to the raspberry password. The text above is just one of those encoded forms. | Does this posting create a security gap by publishing the encrypted form of the **raspberry** text? No, because the hash creation algorithm **openssl passwd -6** is using a random seed, if run without the `-seed` option, therefore there is an enormous amount of hashed encoded forms that will respond positively to the raspberry password. The text above is just one of those encoded forms. | ||
Line 33: | Line 33: | ||
We could have millions of conversation lines arguing about the increased security achieved by removing the pi user. I will not do that at the present time, because I think that it is more essential to make this information public and save our colleagues time and frustration. But, it is obvious that the Raspberry Pi development team did a very poor job in properly providing the information of such a change. | We could have millions of conversation lines arguing about the increased security achieved by removing the pi user. I will not do that at the present time, because I think that it is more essential to make this information public and save our colleagues time and frustration. But, it is obvious that the Raspberry Pi development team did a very poor job in properly providing the information of such a change. | ||
- | + | ~~DISQUS~~ |