Tiny Core Linux
Tiny Core Base => TCB Bugs => Topic started by: ixbrian on September 04, 2010, 11:15:23 PM
-
I was trying out the "protect" bootcode today and ran into an issue. I booted with the protect bootcode, and when prompted I set my password. I tried doing a backup via both the filetool GUI and the filetool.sh command line tool. In both cases, the tools hung indefinitely. It turns out the problem was that I had chosen a password at bootup that was less than 8 characters long, and bcrypt requires the password to be 8 or more characters, and if it isn't, it just keeps prompting for the password again which is why the filetool utilities were hanging.
I would suggest adding some logic to getpasswd() in tc-functions that checks if $1 is equal to "encryption", and if so verify that the password entered is at least 8 characters long, and if not, print an notification to the user that the password must be 8 or more characters long. I made these modifications to getpasswd() and can post them if it would be helpful.
On a related note, since Tiny Core can be used in a multi-user environment, it would be safer to have the /etc/sysconfig/bfe file be created with $USER as the owner and restrict the permissions so that not all users can read the password out of the file.
Thanks,
Brian
-
I think all password should be eight of more characters.
I have added a length test for such.
-
FYI from the docs
Passphrases may be between 8 and 56 characters
-
Oh my, must test for no more that 56.