Startsida Utforska Hjälp
Registrera dig Logga in
PUBLIC_REPOS
/
buildroot
spegling av git://git.buildroot.net/buildroot
2
1
Fork 0
Filer
Bläddra i källkod

target: add different methods to encode passwords

Passwords can be encoded in different ways (from the weakest
to the strongest): des, md5, sha-256, sha-512

Add a choice entry to select the method, defaulting to 'md5'.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Tested-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Yann E. MORIN 12 år sedan
förälder
b98b191b5c
incheckning
72defc45dd
2 ändrade filer med 56 tillägg och 1 borttagningar
Delad Vy Visa Diff Statistik
  1. 54 0
      system/Config.in
  2. 2 1
      system/system.mk

+ 54 - 0
system/Config.in
Visa fil 

@@ -12,6 +12,60 @@ config BR2_TARGET_GENERIC_ISSUE
 
        help
 
          Select system banner (/etc/issue) to be displayed at login.
 
 
+choice
 
+	bool "Passwords encoding"
 
+	default BR2_TARGET_GENERIC_PASSWD_MD5
 
+	help
 
+	  Choose the password encoding scheme to use when Buildroot
 
+	  needs to encode a password (eg. the root password, below).
 
+	  
+	  Note: this is used at build-time, and *not* at runtime.
 
+
 
+config BR2_TARGET_GENERIC_PASSWD_DES
 
+	bool "des"
 
+	help
 
+	  Use standard 56-bit DES-based crypt(3) to encode passwords.
 
+	  
+	  Old, wildly available, but also the weakest, very susceptible to
 
+	  brute-force attacks.
 
+
 
+config BR2_TARGET_GENERIC_PASSWD_MD5
 
+	bool "md5"
 
+	help
 
+	  Use MD5 to encode passwords.
 
+	  
+	  The default. Wildly available, and pretty good.
 
+	  Although pretty strong, MD5 is now an old hash function, and
 
+	  suffers from some weaknesses, which makes it susceptible to
 
+	  brute-force attacks.
 
+
 
+config BR2_TARGET_GENERIC_PASSWD_SHA256
 
+	bool "sha-256"
 
+	help
 
+	  Use SHA256 to encode passwords.
 
+	  
+	  Very strong, but not ubiquitous, although available in glibc
 
+	  for some time now. Choose only if you are sure your C library
 
+	  understands SHA256 passwords.
 
+
 
+config BR2_TARGET_GENERIC_PASSWD_SHA512
 
+	bool "sha-512"
 
+	help
 
+	  Use SHA512 to encode passwords.
 
+	  
+	  Extremely strong, but not ubiquitous, although available in glibc
 
+	  for some time now. Choose only if you are sure your C library
 
+	  understands SHA512 passwords.
 
+
 
+endchoice # Passwd encoding
 
+
 
+config BR2_TARGET_GENERIC_PASSWD_METHOD
 
+	string
 
+	default "des"       if BR2_TARGET_GENERIC_PASSWD_DES
 
+	default "md5"       if BR2_TARGET_GENERIC_PASSWD_MD5
 
+	default "sha-256"   if BR2_TARGET_GENERIC_PASSWD_SHA256
 
+	default "sha-512"   if BR2_TARGET_GENERIC_PASSWD_SHA512
 
+
 
 choice
 
 	prompt "/dev management"
 
 	default BR2_ROOTFS_DEVICE_CREATION_STATIC

+ 2 - 1
system/system.mk
Visa fil 

@@ -1,8 +1,9 @@
 
 TARGET_GENERIC_HOSTNAME:=$(call qstrip,$(BR2_TARGET_GENERIC_HOSTNAME))
 
 TARGET_GENERIC_ISSUE:=$(call qstrip,$(BR2_TARGET_GENERIC_ISSUE))
 
 TARGET_GENERIC_ROOT_PASSWD:=$(call qstrip,$(BR2_TARGET_GENERIC_ROOT_PASSWD))
 
+TARGET_GENERIC_PASSWD_METHOD:=$(call qstrip,$(BR2_TARGET_GENERIC_PASSWD_METHOD))
 
 ifneq ($(TARGET_GENERIC_ROOT_PASSWD),)
 
-TARGET_GENERIC_ROOT_PASSWD_HASH=$(shell mkpasswd -m md5 "$(TARGET_GENERIC_ROOT_PASSWD)")
 
+TARGET_GENERIC_ROOT_PASSWD_HASH=$(shell mkpasswd -m "$(TARGET_GENERIC_PASSWD_METHOD)" "$(TARGET_GENERIC_ROOT_PASSWD)")
 
 endif
 
 TARGET_GENERIC_GETTY:=$(call qstrip,$(BR2_TARGET_GENERIC_GETTY_PORT))
 
 TARGET_GENERIC_GETTY_BAUDRATE:=$(call qstrip,$(BR2_TARGET_GENERIC_GETTY_BAUDRATE))