On 2020-01-21, Raghav Gururajan wrote:
>> Note: The hash of this initial password will be available in a file in
>> /gnu/store, readable by all the users, so this method must be used with
>> care.
>
> I see. But why would it be a concern? It is not feasible to brute-force
> SHA-512 hash, right?

I'm no expert, but evaluating the future based on today has its
weaknesses; brute-force isn't usually what makes it possible to
compromise an algorithm...

  https://valerieaurora.org/hash.html

According to Wikipedia, SHA-512 is in the SHA2 family:

  https://en.wikipedia.org/wiki/SHA-2

Which outlines papers, some going back over a decade, on various ways
SHA2 could be weakened...

live well,
  vagrant