[PATCH] Adding password protection to U-boot: salted version
Francesco Albanese
frances.albanese at gmail.com
Mon Jun 16 16:55:46 CEST 2008
Hello,
I have cleaned my code and I updated my patch with a new feature for
salting the password.
- The salt is generated collecting a timestamp for every valid
keystroke supplied during password prompting: then, the least
significant byte of each timestamp is XORed providing eventually a
24bits seed for SHA256 function. The first 24bits of the generated
context are used as the salt.
- Even though I cannot claim that function is Bruce Schneier proof,
the level of complexity added should provide a certain degree of
security against rainbow tables (256bits secure hash, salt derived
from "quite random" events like keystrokes, XOR is a statistical
balanced function ...).
This patch has been tested on GTA01BV04. It is stil unclear if it
could work on FR (the twin bootloaders shall share the same ENV VARs).
Comments are always welcome,
Francesco Albanese
-------------- next part --------------
A non-text attachment was scrubbed...
Name: u-boot-salt_pass-hack.patch
Type: text/x-patch
Size: 22668 bytes
Desc: not available
Url : http://lists.openmoko.org/pipermail/openmoko-devel/attachments/20080616/878bc91e/attachment-0001.bin
More information about the openmoko-devel
mailing list
