From mboxrd@z Thu Jan  1 00:00:00 1970
From: Stefan Roese <sr@denx.de>
Date: Fri, 15 May 2015 10:44:45 +0200
Subject: [U-Boot] [PATCH v2 4/4] autoboot.c: Add feature to stop
 autobooting via SHA256 encrypted password
In-Reply-To: <CAM=E1R6V8Zv2y0unaF3g3=kj=D5Nmdzd+HKwrv-XcJVJWLUFmQ@mail.gmail.com>
References: <1431000847-22183-5-git-send-email-sr@denx.de>	<1431071533-5908-1-git-send-email-sr@denx.de>
 <CAM=E1R6V8Zv2y0unaF3g3=kj=D5Nmdzd+HKwrv-XcJVJWLUFmQ@mail.gmail.com>
Message-ID: <5555B1FD.8090102@denx.de>
List-Id: <u-boot.lists.denx.de>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: u-boot@lists.denx.de

Hi Magnus,

On 15.05.2015 09:44, Magnus Lilja wrote:
> On 8 May 2015 at 09:52, Stefan Roese <sr@denx.de> wrote:
>> This patch adds the feature to only stop the autobooting, and therefor
>> boot into the U-Boot prompt, when the input string / password matches
>> a values that is encypted via a SHA256 hash and saved in the environment.
>>
>> This feature is enabled by defined these config options:
>>       CONFIG_AUTOBOOT_KEYED
>>       CONFIG_AUTOBOOT_STOP_STR_SHA256
>>
>> Signed-off-by: Stefan Roese <sr@denx.de>
>> Cc: Simon Glass <sjg@chromium.org>
>> Cc: Magnus Lilja <lilja.magnus@gmail.com>
>> ---
>> v2:
>> - AUTOBOOT_STOP_STR_SHA256 is a string and not bool
>> - Add input key length check as suggested by Magnus
>> - Add "constant-length" time compare function as suggested
>>    by Magnus
>
> May I ask why you don't go all the way and use the salt mechanism
> instead of just hashing the password?

Because its a customer requirement to implement it in this "simple" way. 
Even though cracking will be easier than by using this salt mechanism. 
If someone needs this stronger encryption support at some time, I 
suggest to add it as an additional feature / option then.

Thanks,
Stefan