
[2/2] target: add different methods to encode the root password

Message ID 1347574590-13716-2-git-send-email-yann.morin.1998@free.fr
State Deferred

Commit Message

Yann E. MORIN Sept. 13, 2012, 10:16 p.m. UTC
The password can be encoded in different ways (from the weakest
to the strongest): des, md5, sha-256, sha-512

Add a choice entry to select the method, defaulting to 'des'.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
---
 target/generic/Config.in   |   46 ++++++++++++++++++++++++++++++++++++++++++++
 target/generic/Makefile.in |    3 +-
 2 files changed, 48 insertions(+), 1 deletions(-)

Comments

Arnout Vandecappelle Sept. 18, 2012, 10:04 p.m. UTC | #1
On 09/14/12 00:16, Yann E. MORIN wrote:
> The password can be encoded in different ways (from the weakest
> to the strongest): des, md5, sha-256, sha-512
>
> Add a choice entry to select the method, defaulting to 'des'.
>
> Signed-off-by: "Yann E. MORIN"<yann.morin.1998@free.fr>

  I think this is going way too far for just setting the root password. I would just
make it an md5 crypt (which is supported by all uClibc versions) and be done
with it.

  Regards,
  Arnout
Yann E. MORIN Sept. 18, 2012, 10:24 p.m. UTC | #2
Arnout, All,

On Wednesday 19 September 2012 00:04:25 Arnout Vandecappelle wrote:
> On 09/14/12 00:16, Yann E. MORIN wrote:
> > The password can be encoded in different ways (from the weakest
> > to the strongest): des, md5, sha-256, sha-512
> >
> > Add a choice entry to select the method, defaulting to 'des'.
> >
> > Signed-off-by: "Yann E. MORIN"<yann.morin.1998@free.fr>
> 
> I think this is going way too far for just setting the root password. I 
> would just make it an md5 crypt (which is supported by all uClibc versions)
> and be done with it.

OK, I'll respin a single patch with only MD5-encrypted password.

It should be noted, however, that MD5 is now susceptible to attacks:
    http://www.kb.cert.org/vuls/id/836068

There's even an attack that can find collisions within seconds on a P4:
    http://www.win.tue.nl/hashclash/On%20Collisions%20for%20MD5%20-%20M.M.J.%20Stevens.pdf

Thus, I'll add to the help text that this should not be considered for
production use for publicly-reachable devices (eg. appliances...), and
that the security of the device should not rely on the root password being
strongly-enough encrypted; something in this vein...

Regards,
Yann E. MORIN.

Patch

diff --git a/target/generic/Config.in b/target/generic/Config.in
index b376c85..9933df6 100644
--- a/target/generic/Config.in
+++ b/target/generic/Config.in
@@ -27,6 +27,52 @@  config BR2_TARGET_GENERIC_ROOT_PASSWD
 	  if either the .config file or the build log may be distributed!
 
 choice
+	bool "root password encoding"
+	depends on BR2_TARGET_GENERIC_ROOT_PASSWD != ""
+	default BR2_TARGET_GENERIC_ROOT_PASSWD_DES
+
+config BR2_TARGET_GENERIC_ROOT_PASSWD_DES
+	bool "des"
+	help
+	  Use standard 56-bit DES-based crypt(3).
+	  
+	  The default, wildly available, but also the weakest.
+
+config BR2_TARGET_GENERIC_ROOT_PASSWD_MD5
+	bool "md5"
+	help
+	  Use MD5 to encode the password.
+	  
+	  Although not default, still wildly available, and pretty good.
+
+config BR2_TARGET_GENERIC_ROOT_PASSWD_SHA256
+	bool "sha-256"
+	help
+	  Use SHA256 to encode the password.
+	  
+	  Very strong, but not ubiquitous, although available in glibc
+	  for some time now. Choose only if you are sure your C library
+	  understands SHA256 passwords.
+
+config BR2_TARGET_GENERIC_ROOT_PASSWD_SHA512
+	bool "sha-512"
+	help
+	  Use SHA512 to encode the password.
+	  
+	  Extremely strong, but not ubiquitous, although available in glibc
+	  for some time now. Choose only if you are sure your C library
+	  understands SHA512 passwords.
+
+endchoice # root passwd encoding
+
+config BR2_TARGET_GENERIC_ROOT_PASSWD_METHOD
+	string
+	default "des"       if BR2_TARGET_GENERIC_ROOT_PASSWD_DES
+	default "md5"       if BR2_TARGET_GENERIC_ROOT_PASSWD_MD5
+	default "sha-256"   if BR2_TARGET_GENERIC_ROOT_PASSWD_SHA256
+	default "sha-512"   if BR2_TARGET_GENERIC_ROOT_PASSWD_SHA512
+
+choice
 	prompt "/dev management"
 	default BR2_ROOTFS_DEVICE_CREATION_STATIC
 
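Review bot: The help texts on the `des` and `md5` entries understate how weak those schemes are for a hash that ships in the image's /etc/shadow, and `des` is the default. Traditional DES crypt(3) uses only the first eight characters of the password and a 12-bit salt, so the `des` help should say so, e.g. `Only the first 8 characters of the password are significant; longer passwords are silently truncated.` The phrase "pretty good" on `md5` would be better replaced by a statement that such hashes are cheap to brute-force offline. The `sha-256`/`sha-512` entries leave it to the user to know whether the target C library's crypt(3) accepts those hashes; if that cannot be expressed as a `depends on`, the help should say that an unsupported method presumably leaves root unable to log in. In both the `des` and `md5` help texts "wildly" should read "widely".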
diff --git a/target/generic/Makefile.in b/target/generic/Makefile.in
index 1021b10..674665b 100644
--- a/target/generic/Makefile.in
+++ b/target/generic/Makefile.in
@@ -1,6 +1,7 @@ 
 TARGET_GENERIC_HOSTNAME:=$(call qstrip,$(BR2_TARGET_GENERIC_HOSTNAME))
 TARGET_GENERIC_ISSUE:=$(call qstrip,$(BR2_TARGET_GENERIC_ISSUE))
 TARGET_GENERIC_ROOT_PASSWD:=$(call qstrip,$(BR2_TARGET_GENERIC_ROOT_PASSWD))
+TARGET_GENERIC_ROOT_PASSWD_METHOD:=$(call qstrip,$(BR2_TARGET_GENERIC_ROOT_PASSWD_METHOD))
 TARGET_GENERIC_GETTY:=$(call qstrip,$(BR2_TARGET_GENERIC_GETTY_PORT))
 TARGET_GENERIC_GETTY_BAUDRATE:=$(call qstrip,$(BR2_TARGET_GENERIC_GETTY_BAUDRATE))
 
@@ -18,7 +19,7 @@  target-no-root-passwd:
 	$(SED) "s/^root:[^:]*:/root::/" $(TARGET_DIR)/etc/shadow
 
 target-root-passwd:
-	root_passwd="$$( mkpasswd -m des "$(TARGET_GENERIC_ROOT_PASSWD)" )"; \
+	root_passwd="$$( mkpasswd -m "$(TARGET_GENERIC_ROOT_PASSWD_METHOD)" "$(TARGET_GENERIC_ROOT_PASSWD)" )"; \
 	$(SED) "s,^root::,root:$${root_passwd}:," $(TARGET_DIR)/etc/shadow
 
 target-generic-getty-busybox:
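Review bot: A failing `mkpasswd` leaves root with an empty password, because the recipe joins its two commands with `;`: `root_passwd` is then empty and the sed on the following line rewrites `root::` to `root::` without any error. Now that the method is configurable, a host `mkpasswd` that rejects the selected `-m` value is a plausible way to hit this, so the first line should end in `&& \` instead of `; \`, ideally with a `[ -n "$${root_passwd}" ] && \` check before the sed. Separately, the clear-text password is expanded inside shell double quotes, so a password containing `$`, a backquote, `"` or `\` is reinterpreted by the shell before `mkpasswd` sees it. That either yields a hash for a different password or breaks the recipe, so the value needs escaping before it is interpolated.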