Anti Thief For Nano Note
edorfaus at xepher.net
Wed Oct 10 22:17:11 EDT 2012
On 10/11/2012 03:26 AM, Alexander Stephen Thomas Ross wrote:
> On 11/10/12 01:40, Freemor wrote:
>> Next version is planned to:
>> hashed password
> For hashing md5,sh1 are cracked. So SHA224 or 256? Is SHA*** over kill?
I would think that the proper thing to do would be to use the system
password for the user that is logging in (which is probably root here),
and to use the existing libraries etc. for that part of it instead of
reimplementing it yourself.
That would let you ignore how exactly the password is hashed and stored,
since that's taken care of for you by the system (and probably at least
as securely as you'd manage yourself), and also means the user can use
the standard tools for setting the password (such as the "passwd"
command), and gets to use the same password for ssh logins.
That would make it basically equivalent to an X display manager (such as
gdm), or maybe an X screen locker, just specialized for our purposes
instead of managing X displays.
I'll admit that I've never done this myself, so I don't know how hard it
would be to implement the login bits properly, but it *has* been done
before, so it must be possible...
You may want to take a look at libpam, if PAM is used on the NN, or
maybe the "login" program (from the (installed by default) package with
the same name in Debian). (I don't have my NN right now to check if it
has those things myself.)
As for making it only show up at boot, that could probably be done by
putting it in the boot process before gmenu2x, and having the boot
process wait for it before continuing.
Possibly better/easier would be to keep it where you have it, so that it
runs before gmenu2x always, but keep a marker file on a tmpfs somewhere
that is created after a successful login and makes it "autologin" when
present. That would also allow you to make a "lock screen" app that
simply deletes that file...
Another thing to consider is that it is usually possible to switch to a
different VT, so you'll probably want to either block that, or (better)
ensure that those other VTs require login as well (which should be
fairly easy to do by configuring init, I think).
More information about the discussion