Tiny Core Base > TCB Bugs

"protect" bootcode encrypted home issue

(1/1)

ixbrian:
I was trying out the "protect" bootcode today and ran into an issue.   I booted with the protect bootcode, and when prompted I set my password.   I tried doing a backup via both the filetool GUI and the filetool.sh command line tool.   In both cases, the tools hung indefinitely.   It turns out the problem was that I had chosen a password at bootup that was less than 8 characters long, and bcrypt requires the password to be 8 or more characters, and if it isn't, it just keeps prompting for the password again which is why the filetool utilities were hanging. 

I would suggest adding some logic to getpasswd() in tc-functions that checks if $1 is equal to "encryption", and if so verify that the password entered is at least 8 characters long, and if not, print an notification to the user that the password must be 8 or more characters long.   I made these modifications to getpasswd() and can post them if it would be helpful. 

On a related note, since Tiny Core can be used in a multi-user environment, it would be safer to have the /etc/sysconfig/bfe file be created with $USER as the owner and restrict the permissions so that not all users can read the password out of the file. 

Thanks,
Brian

roberts:
I think all password should be eight of more characters.
I have added a length test for such.

^thehatsrule^:
FYI from the docs
--- Quote ---Passphrases may be between 8 and 56 characters
--- End quote ---

roberts:
Oh my, must test for no more that 56.

Navigation

[0] Message Index