diff options
author | Yann E. MORIN <yann.morin.1998@free.fr> | 2013-01-05 04:52:03 +0000 |
---|---|---|
committer | Peter Korsgaard <jacmet@sunsite.dk> | 2013-01-06 21:52:18 +0100 |
commit | 72defc45dd7cb3f75f2cb2669225084293a5d9cb (patch) | |
tree | b490e34b3f3e4b2fef2ff22538d5ffeaca72f56c | |
parent | b98b191b5cb628ed8dd32236c4b08d025b65941f (diff) | |
download | buildroot-novena-72defc45dd7cb3f75f2cb2669225084293a5d9cb.tar.gz buildroot-novena-72defc45dd7cb3f75f2cb2669225084293a5d9cb.zip |
target: add different methods to encode passwords
Passwords can be encoded in different ways (from the weakest
to the strongest): des, md5, sha-256, sha-512
Add a choice entry to select the method, defaulting to 'md5'.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Tested-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
-rw-r--r-- | system/Config.in | 54 | ||||
-rw-r--r-- | system/system.mk | 3 |
2 files changed, 56 insertions, 1 deletions
diff --git a/system/Config.in b/system/Config.in index 19bdd2d74..69863c42b 100644 --- a/system/Config.in +++ b/system/Config.in @@ -13,6 +13,60 @@ config BR2_TARGET_GENERIC_ISSUE Select system banner (/etc/issue) to be displayed at login. choice + bool "Passwords encoding" + default BR2_TARGET_GENERIC_PASSWD_MD5 + help + Choose the password encoding scheme to use when Buildroot + needs to encode a password (eg. the root password, below). + + Note: this is used at build-time, and *not* at runtime. + +config BR2_TARGET_GENERIC_PASSWD_DES + bool "des" + help + Use standard 56-bit DES-based crypt(3) to encode passwords. + + Old, wildly available, but also the weakest, very susceptible to + brute-force attacks. + +config BR2_TARGET_GENERIC_PASSWD_MD5 + bool "md5" + help + Use MD5 to encode passwords. + + The default. Wildly available, and pretty good. + Although pretty strong, MD5 is now an old hash function, and + suffers from some weaknesses, which makes it susceptible to + brute-force attacks. + +config BR2_TARGET_GENERIC_PASSWD_SHA256 + bool "sha-256" + help + Use SHA256 to encode passwords. + + Very strong, but not ubiquitous, although available in glibc + for some time now. Choose only if you are sure your C library + understands SHA256 passwords. + +config BR2_TARGET_GENERIC_PASSWD_SHA512 + bool "sha-512" + help + Use SHA512 to encode passwords. + + Extremely strong, but not ubiquitous, although available in glibc + for some time now. Choose only if you are sure your C library + understands SHA512 passwords. + +endchoice # Passwd encoding + +config BR2_TARGET_GENERIC_PASSWD_METHOD + string + default "des" if BR2_TARGET_GENERIC_PASSWD_DES + default "md5" if BR2_TARGET_GENERIC_PASSWD_MD5 + default "sha-256" if BR2_TARGET_GENERIC_PASSWD_SHA256 + default "sha-512" if BR2_TARGET_GENERIC_PASSWD_SHA512 + +choice prompt "/dev management" default BR2_ROOTFS_DEVICE_CREATION_STATIC diff --git a/system/system.mk b/system/system.mk index 651f7df0f..4e131b082 100644 --- a/system/system.mk +++ b/system/system.mk @@ -1,8 +1,9 @@ TARGET_GENERIC_HOSTNAME:=$(call qstrip,$(BR2_TARGET_GENERIC_HOSTNAME)) TARGET_GENERIC_ISSUE:=$(call qstrip,$(BR2_TARGET_GENERIC_ISSUE)) TARGET_GENERIC_ROOT_PASSWD:=$(call qstrip,$(BR2_TARGET_GENERIC_ROOT_PASSWD)) +TARGET_GENERIC_PASSWD_METHOD:=$(call qstrip,$(BR2_TARGET_GENERIC_PASSWD_METHOD)) ifneq ($(TARGET_GENERIC_ROOT_PASSWD),) -TARGET_GENERIC_ROOT_PASSWD_HASH=$(shell mkpasswd -m md5 "$(TARGET_GENERIC_ROOT_PASSWD)") +TARGET_GENERIC_ROOT_PASSWD_HASH=$(shell mkpasswd -m "$(TARGET_GENERIC_PASSWD_METHOD)" "$(TARGET_GENERIC_ROOT_PASSWD)") endif TARGET_GENERIC_GETTY:=$(call qstrip,$(BR2_TARGET_GENERIC_GETTY_PORT)) TARGET_GENERIC_GETTY_BAUDRATE:=$(call qstrip,$(BR2_TARGET_GENERIC_GETTY_BAUDRATE)) |