On 11:49 Mon 16 Mar , Jan Lübbe wrote: > On Mo, 2015-03-16 at 11:15 +0100, Jean-Christophe PLAGNIOL-VILLARD wrote: > > We will use "barebox_password" as salt and 10000 round to generate a > > 64 bytes key. > > The purpose of a salt is to protect a against dictionary or > rainbow-table (precomputed) attacks. That means that the Salt must be > randomly generated and saved with the password. This will be a enough stong enven with static one to protect against reverse hack for barebox protection Use a 32 byte pass try to do an attack agaist dictionary. it will take you more than 10 years to break it > > For setting a new password in barebox, even a low entropy salt will make > attacks significantly more expensive. So we should add some entropy from > user interaction timing in that case. yes we could do this too > > For hashing a password at compile time, we should get the salt from the > host system. yes do we really need it? Best Regards, J. > > Regards, > Jan > -- > Pengutronix e.K. | | > Industrial Linux Solutions | http://www.pengutronix.de/ | > Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | > Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | > > > _______________________________________________ > barebox mailing list > barebox@xxxxxxxxxxxxxxxxxxx > http://lists.infradead.org/mailman/listinfo/barebox _______________________________________________ barebox mailing list barebox@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/barebox
