From: "Jan Lübbe" <jlu@pengutronix.de>
To: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
Cc: barebox@lists.infradead.org
Subject: Re: [PATCH 07/10] password: add pbkdf2 support
Date: Mon, 16 Mar 2015 12:58:45 +0100 [thread overview]
Message-ID: <1426507125.3330.79.camel@pengutronix.de> (raw)
In-Reply-To: <20150316115204.GI26127@ns203013.ovh.net>
On Mo, 2015-03-16 at 12:52 +0100, Jean-Christophe PLAGNIOL-VILLARD
wrote:
> On 12:41 Mon 16 Mar , Jan Lübbe wrote:
> > On Mo, 2015-03-16 at 12:25 +0100, Jean-Christophe PLAGNIOL-VILLARD wrote:
> > > > Yes, definitely. We must use the algorithms as they are intended to be
> > > > used.
> > > >
> > > > If we try to move users away from RSA2048 because it will be vulnerable
> > > > in the future, we should not go against established practice for
> > > > password salts by hard-coding it.
> > > I'm not against it but with the barebox entropy did not see the point to use
> > > it.
> > >
> > > so how do we generate the salt? what length
> > >
> > > Personnaly I'll prefer
> > >
> > > a random 64 bytes | sha256 | take first 32bytes. | pbkdf2 10000 round
> >
> > Running SHA-256 on random data is useless for security.
> SHA256 is to improve the entrpopy not security
Running a deterministic algorithm cannot increase entropy (only reduce
it).
> > Just get
> > <hash-size> bytes from /dev/urandom on the host. We could generate a
> > file with the compile-time SALT which is then included.
> >
> > On the running barebox, we could use SHA to hash the old password file
> > together with the current timer value. At least until we have something
> > better.
> >
> > > result a 64 bytes password file <salt 32 byes><key 32 bytes>
> >
> > Yes. As we select the algorithm at compile time, we don't the to save it
> > in the file.
>
> this is for barebox as we may not have any passwd file
The same applies also to the default_passwd compiled in variable.
Currently we have:
PASSWD_FILE := $(shell cd $(srctree); find $(CONFIG_PASSWORD_DEFAULT) -type f)
cmd_pwd_h = echo -n "static const char default_passwd[] = \"" > $@; \
cat $< | tr -d '\n' >> $@; \
echo "\";" >> $@
include/generated/passwd.h: $(PASSWD_FILE)
$(call if_changed,pwd_h)
This would need to run the hash/pbkdf2 and store salt+key.
Regards,
Jan
--
Pengutronix e.K. | |
Industrial Linux Solutions | http://www.pengutronix.de/ |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
next prev parent reply other threads:[~2015-03-16 11:59 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-03-16 10:13 [PATCH 00/10 v3] prepare for rsa support Jean-Christophe PLAGNIOL-VILLARD
2015-03-16 10:15 ` [PATCH 01/10] digest: add verify callback Jean-Christophe PLAGNIOL-VILLARD
2015-03-16 10:15 ` [PATCH 02/10] command: rename digest.c to hashsum.c Jean-Christophe PLAGNIOL-VILLARD
2015-03-16 10:15 ` [PATCH 03/10] command: allow runtime usage Jean-Christophe PLAGNIOL-VILLARD
2015-03-16 10:15 ` [PATCH 04/10] command: add generic digest command Jean-Christophe PLAGNIOL-VILLARD
2015-03-16 11:49 ` Jan Lübbe
2015-03-16 14:51 ` Jean-Christophe PLAGNIOL-VILLARD
2015-03-16 10:15 ` [PATCH 05/10] digest: add digest callback Jean-Christophe PLAGNIOL-VILLARD
2015-03-16 10:15 ` [PATCH 06/10] crypto: add pbkdf2 hmac key generator Jean-Christophe PLAGNIOL-VILLARD
2015-03-16 10:15 ` [PATCH 07/10] password: add pbkdf2 support Jean-Christophe PLAGNIOL-VILLARD
2015-03-16 10:49 ` Jan Lübbe
2015-03-16 11:01 ` Jean-Christophe PLAGNIOL-VILLARD
2015-03-16 11:05 ` Jan Lübbe
2015-03-16 11:25 ` Jean-Christophe PLAGNIOL-VILLARD
2015-03-16 11:41 ` Jan Lübbe
2015-03-16 11:52 ` Jean-Christophe PLAGNIOL-VILLARD
2015-03-16 11:58 ` Jan Lübbe [this message]
2015-03-16 12:10 ` Jean-Christophe PLAGNIOL-VILLARD
2015-03-16 13:14 ` Jan Lübbe
2015-03-16 13:55 ` Jean-Christophe PLAGNIOL-VILLARD
2015-03-16 10:15 ` [PATCH 08/10] digest: allow algo to specify their length at runtime Jean-Christophe PLAGNIOL-VILLARD
2015-03-16 10:15 ` [PATCH 09/10] crypto: hmac: use digest_digest and check the return of every digest_xxx Jean-Christophe PLAGNIOL-VILLARD
2015-03-16 10:15 ` [PATCH 10/10] digest: digest_file_window: check every digest_xxx return Jean-Christophe PLAGNIOL-VILLARD
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1426507125.3330.79.camel@pengutronix.de \
--to=jlu@pengutronix.de \
--cc=barebox@lists.infradead.org \
--cc=plagnioj@jcrosoft.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox