Reply to post: Re: As a ex sys-admin....

Sudo? More like Su-doh: There's a fun bug that gives restricted sudoers root access (if your config is non-standard)

bombastic bob Silver badge
Re: As a ex sys-admin....

Anyone with explicit access to the computer can boot up a CD/DVD-ROM Linux, chroot to the hard drive root [after properly mounting], and run passwd as root to reset things to whatever you want. Or, remove the hard drive, attach a USB-SATA adaptor to it, plug into "hacker laptop", switch to root, mount things, and reset the root password [using one of several methods].

So randomly generated root passwords are OK, I suppose, but there are limits to which any root password can be guarded like that.

Better to just be safe, moderately cryptic, limit who can access the computer [especially remotely] to avoid dictionary-based attacks, explicitly deny root logins via ssh, and so on.
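An added example, not part of the comment above: one way to check that root logins over ssh are really denied, by auditing the text of an `sshd_config`. The sample configuration, the function names, and the simplifications (no `Include` handling, `#` treated as a comment anywhere on a line) are assumptions of this sketch.

```python
import re

# Constructed sample sshd_config text (not from the original post).
SAMPLE = """\
# global section
PermitRootLogin no
PasswordAuthentication yes
# the next line is ignored by sshd: the first value for a keyword wins
permitrootlogin yes
Match Address 10.0.0.0/8
    PermitRootLogin prohibit-password
"""

def audit_root_login(text):
    """Return (global_value, match_overrides) for PermitRootLogin.

    sshd uses the first value it finds for a keyword in the global
    section; a Match block can override it for matching connections.
    Include directives are not followed in this sketch.
    """
    global_value = None
    overrides = []           # (match criteria, value) pairs
    match = None             # criteria of the Match block we are inside
    seen_in_match = False    # keep only the first value per Match block
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # simplification: strip comments
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()                # keywords are case-insensitive
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if key == "match":
            match, seen_in_match = value, False
        elif key == "permitrootlogin":
            if match is None:
                if global_value is None:
                    global_value = value.lower()
            elif not seen_in_match:
                overrides.append((match, value.lower()))
                seen_in_match = True
    if global_value is None:
        # Default in OpenSSH 7.0 and later when the keyword is absent.
        global_value = "prohibit-password"
    return global_value, overrides

def root_login_denied(text):
    """True only if root login is 'no' globally and in every Match block."""
    global_value, overrides = audit_root_login(text)
    return global_value == "no" and all(v == "no" for _, v in overrides)
```

On the sample, the global setting is `no` but the `Match` block re-enables key-based root login for one address range, so `root_login_denied(SAMPLE)` is false.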
