From 74c70653af306ee3d2908b956cc033b8e2a1e4e0 Mon Sep 17 00:00:00 2001
From: Ryan Yin <xiaoyin_c@qq.com>
Date: Mon, 16 Mar 2026 15:09:46 +0800
Subject: [PATCH] security: rotate login password

---
 vars/default.nix | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/vars/default.nix b/vars/default.nix
index 8505126a..7b04f11e 100644
--- a/vars/default.nix
+++ b/vars/default.nix
@@ -4,9 +4,12 @@
   userfullname = "Ryan Yin";
   useremail = "xiaoyin_c@qq.com";
   networking = import ./networking.nix { inherit lib; };
-  # generated by `mkpasswd -m scrypt --rounds=11`
+  # Generated using: mkpasswd -m yescrypt --rounds=11
+  # Password: long, strong random string (full charset)
+  # Rotation policy: changed annually
+  # Purpose: system login password only
   # https://man.archlinux.org/man/crypt.5.en
-  initialHashedPassword = "$7$CU..../....KDvTIXqLTXpmCaoUy2yC9.$145eM358b7Q0sRXgEBvxctd5EAuEEdao57LmZjc05D.";
+  initialHashedPassword = "$y$jFT$RBapCH3F6bc0uSF.FaUGB.$rvhiVvcCKxkkumDFLONV5zFP1lsv1VyZ1ErH.r2rNk3";
   # Public Keys that can be used to login to all my PCs, Macbooks, and servers.
   #
   # Since its authority is so large, we must strengthen its security: