[PATCH 07/10] password: add pbkdf2 support
Jan Lübbe
jlu at pengutronix.de
Mon Mar 16 03:49:59 PDT 2015
On Mo, 2015-03-16 at 11:15 +0100, Jean-Christophe PLAGNIOL-VILLARD wrote:
> We will use "barebox_password" as salt and 10000 round to generate a
> 64 bytes key.
The purpose of a salt is to protect a against dictionary or
rainbow-table (precomputed) attacks. That means that the Salt must be
randomly generated and saved with the password.
For setting a new password in barebox, even a low entropy salt will make
attacks significantly more expensive. So we should add some entropy from
user interaction timing in that case.
For hashing a password at compile time, we should get the salt from the
host system.
Regards,
Jan
--
Pengutronix e.K. | |
Industrial Linux Solutions | http://www.pengutronix.de/ |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
More information about the barebox
mailing list