Systems installed by Calamares up to and including Calamares 3.1 have a weaker password salt than they should. This weakness is important if an attacker has a way to obtain the password hash. The Calamares team believes that installed systems should be as secure as possible, and therefore considers this weakness important.
Users are advised to reset their password on installed systems by using the password(1) utility, which will provide a stronger salt and hence a better password hash. This applies to all user accounts created during the installation of the system: the user’s own account and to the root account, if the root account has a password.