mail archive of the barebox mailing list
From: "Jan Lübbe" <jlu@pengutronix.de>
To: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
Cc: barebox@lists.infradead.org
Subject: Re: [PATCH 07/10] password: add pbkdf2 support
Date: Mon, 16 Mar 2015 14:14:39 +0100
Message-ID: <1426511679.3330.103.camel@pengutronix.de>
In-Reply-To: <20150316121048.GJ26127@ns203013.ovh.net>

On Mo, 2015-03-16 at 13:10 +0100, Jean-Christophe PLAGNIOL-VILLARD wrote:
> On 12:58 Mon 16 Mar     , Jan Lübbe wrote:
> > > > > Personally I'll prefer
> > > > > 
> > > > > a random 64 bytes | sha256 | take first 32bytes. | pbkdf2 10000 round
> > > > 
> > > > Running SHA-256 on random data is useless for security.
> > > SHA256 is to improve the entropy not security
> > 
> > Running a deterministic algorithm cannot increase entropy (only reduce
> > it).
> 
> check the kernel algo for PRGN

PRNG? That is a different use case. The kernel takes sources of entropy
and uses those to seed a CSPRNG:
http://www.2uo.de/myths-about-urandom/

> and you will see why I want to use a sha

Having high entropy and appearing random are different properties. As
SHA-256 is deterministic it *cannot* increase entropy:
http://en.wikipedia.org/wiki/Entropy_(information_theory)

> > > > Just get
> > > > <hash-size> bytes from /dev/urandom on the host. We could generate a
> > > > file with the compile-time SALT which is then included.
> > > > 
> > > > On the running barebox, we could use SHA to hash the old password file
> > > > together with the current timer value. At least until we have something
> > > > better.
> > > > 
> > > > > result a 64 bytes password file <salt 32 bytes><key 32 bytes>
> > > > 
> > > > Yes. As we select the algorithm at compile time, we don't need to save it
> > > > in the file.
> > > 
> > > this is for barebox as we may not have any passwd file
> > 
> > The same applies also to the default_passwd compiled in variable.
> > 
> > Currently we have:
> > PASSWD_FILE := $(shell cd $(srctree); find $(CONFIG_PASSWORD_DEFAULT) -type f)
> > cmd_pwd_h = echo -n "static const char default_passwd[] = \"" > $@; \
> >         cat $< | tr -d '\n' >> $@; \
> >         echo "\";" >> $@
> > 
> > include/generated/passwd.h: $(PASSWD_FILE)
> >         $(call if_changed,pwd_h)
> > 
> > This would need to run the hash/pbkdf2 and store salt+key.
> 
> no, as the current code expects you to give the correct file format for
> the currently used password
> 
> so today the output of openssl

Ah, sorry I misread the code here. I thought that the plaintext password
was in the config. CONFIG_PASSWORD_DEFAULT must be the name of a file in
the srctree with the format matching the selected hash algo?

> but yes we may need to do more here

It seems there is no standard tool to create password hashes which
supports all the algorithms we want to have.

So the current way is to use barebox itself to create the default
password file? Should we have a host tool for that or is barebox sandbox
enough?

Regards,
Jan
-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |
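
Added example, not part of the original message and not barebox code: a host-side sketch of the 64-byte `<salt 32 bytes><key 32 bytes>` layout discussed in the thread, with the salt taken directly from the OS CSPRNG and PBKDF2 run for 10000 rounds. The function names and the choice of HMAC-SHA256 as the PBKDF2 PRF are assumptions (the thread does not name the PRF); the last function illustrates the point that SHA-256 over a seed cannot yield more distinct salts than there were distinct seeds.

```python
import hashlib
import hmac
import os

SALT_LEN = 32        # <salt 32 bytes>, as proposed in the thread
KEY_LEN = 32         # <key 32 bytes>
ROUNDS = 10000       # "pbkdf2 10000 round" from the thread
PRF = "sha256"       # assumption: the thread does not name the HMAC hash


def make_passwd_blob(password, salt=None):
    """Return the 64-byte <salt><key> blob for a password (bytes)."""
    if salt is None:
        # Salt straight from the OS CSPRNG (/dev/urandom on Linux hosts);
        # no extra hashing step is applied to it.
        salt = os.urandom(SALT_LEN)
    if len(salt) != SALT_LEN:
        raise ValueError("salt must be %d bytes" % SALT_LEN)
    key = hashlib.pbkdf2_hmac(PRF, password, salt, ROUNDS, dklen=KEY_LEN)
    return salt + key


def verify_passwd_blob(password, blob):
    """Recompute the key with the stored salt and compare in constant time."""
    if len(blob) != SALT_LEN + KEY_LEN:
        return False
    salt, stored = blob[:SALT_LEN], blob[SALT_LEN:]
    key = hashlib.pbkdf2_hmac(PRF, password, salt, ROUNDS, dklen=KEY_LEN)
    return hmac.compare_digest(key, stored)


def distinct_salts_after_sha256(seeds):
    """Count distinct SHA-256-derived salts produced from a set of seeds.

    The outputs look random, but there can never be more of them than
    there were distinct inputs: hashing does not add entropy.
    """
    return len({hashlib.sha256(s).digest()[:SALT_LEN] for s in seeds})


if __name__ == "__main__":
    blob = make_passwd_blob(b"constructed-example-password")
    print(len(blob), verify_passwd_blob(b"constructed-example-password", blob))
    # Constructed weak source: 64-byte seeds carrying only 8 bits of entropy.
    weak_seeds = [bytes([i]) * 64 for i in range(256)]
    print(distinct_salts_after_sha256(weak_seeds))
```
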

