On 12:41 Mon 16 Mar , Jan Lübbe wrote:
> On Mo, 2015-03-16 at 12:25 +0100, Jean-Christophe PLAGNIOL-VILLARD wrote:
> > > Yes, definitely. We must use the algorithms as they are intended to be
> > > used.
> > >
> > > If we try to move users away from RSA2048 because it will be vulnerable
> > > in the future, we should not go against established practice for
> > > password salts by hard-coding it.
> > I'm not against it but with the barebox entropy did not see the point to use
> > it.
> >
> > so how do we generate the salt? what length
> >
> > Personally I'll prefer
> >
> > a random 64 bytes | sha256 | take first 32bytes. | pbkdf2 10000 round
>
> Running SHA-256 on random data is useless for security.

SHA256 is to improve the entropy not security

> Just get
> <hash-size> bytes from /dev/urandom on the host. We could generate a
> file with the compile-time SALT which is then included.
>
> On the running barebox, we could use SHA to hash the old password file
> together with the current timer value. At least until we have something
> better.
>
> > result a 64 bytes password file <salt 32 bytes><key 32 bytes>
>
> Yes. As we select the algorithm at compile time, we don't need to save it
> in the file.

this is for barebox as we may not have any passwd file

Best Regards,
J.

>
> Regards,
> Jan
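Added example, not part of the thread and not barebox code: a host-side Python implementation of the record layout discussed above, a 32-byte salt read from the kernel CSPRNG followed by a 32-byte PBKDF2 key at 10000 rounds, with the algorithm fixed in the code rather than stored in the file. Assumptions: the PRF is HMAC-SHA256, and the names `make_record` and `check_password` are hypothetical.

```python
import hashlib
import hmac
import os
from typing import Optional

SALT_LEN = 32    # <salt 32 bytes>, as proposed in the thread
KEY_LEN = 32     # <key 32 bytes>
ROUNDS = 10000   # "pbkdf2 10000 round" from the thread
PRF = "sha256"   # assumption: PBKDF2 with HMAC-SHA256, chosen at build time


def make_record(password: bytes, salt: Optional[bytes] = None) -> bytes:
    """Return the 64-byte password record <salt><key>."""
    if salt is None:
        # Same source as /dev/urandom on the host; no extra hashing step.
        salt = os.urandom(SALT_LEN)
    if len(salt) != SALT_LEN:
        raise ValueError("salt must be %d bytes" % SALT_LEN)
    key = hashlib.pbkdf2_hmac(PRF, password, salt, ROUNDS, dklen=KEY_LEN)
    return salt + key


def check_password(record: bytes, candidate: bytes) -> bool:
    """Re-derive the key with the stored salt and compare in constant time."""
    if len(record) != SALT_LEN + KEY_LEN:
        return False  # truncated or foreign file: reject rather than guess
    salt, stored = record[:SALT_LEN], record[SALT_LEN:]
    derived = hashlib.pbkdf2_hmac(PRF, candidate, salt, ROUNDS, dklen=KEY_LEN)
    return hmac.compare_digest(derived, stored)


if __name__ == "__main__":
    rec = make_record(b"example-password")  # constructed sample password
    print(len(rec), check_password(rec, b"example-password"))
```

Because the salt is drawn fresh for each record, two records for the same password differ, which a hard-coded salt would not give.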