[PATCH 07/10] password: add pbkdf2 support
Jean-Christophe PLAGNIOL-VILLARD
plagnioj at jcrosoft.com
Mon Mar 16 04:01:14 PDT 2015
On 11:49 Mon 16 Mar , Jan Lübbe wrote:
> On Mo, 2015-03-16 at 11:15 +0100, Jean-Christophe PLAGNIOL-VILLARD wrote:
> > We will use "barebox_password" as salt and 10000 round to generate a
> > 64 bytes key.
>
> The purpose of a salt is to protect a against dictionary or
> rainbow-table (precomputed) attacks. That means that the Salt must be
> randomly generated and saved with the password.
This will be a enough stong enven with static one to protect against
reverse hack for barebox protection
Use a 32 byte pass try to do an attack agaist dictionary.
it will take you more than 10 years to break it
>
> For setting a new password in barebox, even a low entropy salt will make
> attacks significantly more expensive. So we should add some entropy from
> user interaction timing in that case.
yes we could do this too
>
> For hashing a password at compile time, we should get the salt from the
> host system.
yes
do we really need it?
Best Regards,
J.
>
> Regards,
> Jan
> --
> Pengutronix e.K. | |
> Industrial Linux Solutions | http://www.pengutronix.de/ |
> Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
> Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
>
>
> _______________________________________________
> barebox mailing list
> barebox at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/barebox
More information about the barebox
mailing list