raspberrypi:rpi4_bullsey
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
raspberrypi:rpi4_bullsey [2022/06/19 15:54] Ilias Iliopoulos |
raspberrypi:rpi4_bullsey [2024/02/02 21:51] (current) Ilias Iliopoulos |
||
|---|---|---|---|
| Line 14: | Line 14: | ||
| </code> | </code> | ||
| - | You can replace the name of the user from **newuser** to whatever you like. | + | You can replace the name of the user from **newuser** to whatever you like. The **:** is the separator of the user name and the password. |
| Now, remote login as usual: | Now, remote login as usual: | ||
| Line 24: | Line 24: | ||
| </code> | </code> | ||
| - | The password of the user is **raspberry**. Please remember to change it after your first login. | + | The password is **raspberry** and the long string above is the sha512 hashed form. Please remember to change the password after your first login. |
| Does this posting create a security gap by publishing the encrypted form of the **raspberry** text? No, because the hash creation algorithm **openssl passwd -6** is using a random seed, if run without the `-seed` option, therefore there is an enormous amount of hashed encoded forms that will respond positively to the raspberry password. The text above is just one of those encoded forms. | Does this posting create a security gap by publishing the encrypted form of the **raspberry** text? No, because the hash creation algorithm **openssl passwd -6** is using a random seed, if run without the `-seed` option, therefore there is an enormous amount of hashed encoded forms that will respond positively to the raspberry password. The text above is just one of those encoded forms. | ||
| Line 33: | Line 33: | ||
| We could have millions of conversation lines arguing about the increased security achieved by removing the pi user. I will not do that at the present time, because I think that it is more essential to make this information public and save our colleagues time and frustration. But, it is obvious that the Raspberry Pi development team did a very poor job in properly providing the information of such a change. | We could have millions of conversation lines arguing about the increased security achieved by removing the pi user. I will not do that at the present time, because I think that it is more essential to make this information public and save our colleagues time and frustration. But, it is obvious that the Raspberry Pi development team did a very poor job in properly providing the information of such a change. | ||
| - | + | ~~DISQUS~~ | |
raspberrypi/rpi4_bullsey.1655643254.txt.gz · Last modified: 2022/06/19 15:54 by Ilias Iliopoulos