Anti Thief For Nano Note

EdorFaus edorfaus at xepher.net
Wed Oct 10 22:17:11 EDT 2012


On 10/11/2012 03:26 AM, Alexander Stephen Thomas Ross wrote:
> On 11/10/12 01:40, Freemor wrote:
>> Next version is planned to:
>>     hashed password

> For hashing md5,sh1 are cracked. So SHA224 or 256? Is SHA*** over kill?

I would think that the proper thing to do would be to use the system 
password for the user that is logging in (which is probably root here), 
and to use the existing libraries etc. for that part of it instead of 
reimplementing it yourself.

That would let you ignore how exactly the password is hashed and stored, 
since that's taken care of for you by the system (and probably at least 
as securely as you'd manage yourself), and also means the user can use 
the standard tools for setting the password (such as the "passwd" 
command), and gets to use the same password for ssh logins.

That would make it basically equivalent to an X display manager (such as 
gdm), or maybe an X screen locker, just specialized for our purposes 
instead of managing X displays.

I'll admit that I've never done this myself, so I don't know how hard it 
would be to implement the login bits properly, but it *has* been done 
before, so it must be possible...

You may want to take a look at libpam, if PAM is used on the NN, or 
maybe the "login" program (from the (installed by default) package with 
the same name in Debian). (I don't have my NN right now to check if it 
has those things myself.)

As for making it only show up at boot, that could probably be done by 
putting it in the boot process before gmenu2x, and having the boot 
process wait for it before continuing.

Possibly better/easier would be to keep it where you have it, so that it 
runs before gmenu2x always, but keep a marker file on a tmpfs somewhere 
that is created after a successful login and makes it "autologin" when 
present. That would also allow you to make a "lock screen" app that 
simply deletes that file...

Another thing to consider is that it is usually possible to switch to a 
different VT, so you'll probably want to either block that, or (better) 
ensure that those other VTs require login as well (which should be 
fairly easy to do by configuring init, I think).

-- 
Regards,
EdorFaus




More information about the discussion mailing list


interactive