Why is it odd? if the user has root access.. they can still attempt to brute force the password hashes regardless of key size, simple passwords will still be easy to find.
Remote security is generally considered more important, if you want to be safe, I'd recommend blowfish with more rounds.. and enforce a minimum password length.
|