FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora User

 
 
LinkBack Thread Tools
 
Old 07-09-2012, 03:47 AM
Fernando Cassia
 
Default md5 and setting up a serial console

Given that MD5 is nowadays considered unsafe

----
In 2004, more serious flaws were discovered in MD5, making further use
of the algorithm for security purposes questionable—specifically, a
group of researchers described how to create a pair of files that
share the same MD5 checksum.[4][5] Further advances were made in
breaking MD5 in 2005, 2006, and 2007.[6] In December 2008, a group of
researchers used this technique to fake SSL certificate
validity,[7][8] and US-CERT now says that MD5 "should be considered
cryptographically broken and unsuitable for further use."[9] and most
U.S. government applications now require the SHA-2 family of hash
functions
----
http://en.wikipedia.org/wiki/MD5

I wonder if following this tutorial is safe

http://www.howtoforge.com/setting_up_a_serial_console

---

GRUB configuration

The next step is to edit the GRUB configuration, so it sends its
messages to the serial console. One of the most important things is to
set a password, otherwise anyone can connect a serial cable, edit the
GRUB configuration line while the system is booting (via the "e" key),
and get root access. When a password is set, interactive menu editing
will be disabled, unless the correct password is entered. To set the
password, we first need to get the encrypted version of it.

Run grub, and use the "md5crypt" command to encrypt the password:

grub> md5crypt

Password: ********
Encrypted: $1$AlfMq1$FxRolxW5XvSLAOksiC7MD1

Copy the encrypted version of the password (we need it for the next
step), and then type quit to exit.

Now, we need to edit the GRUB configuration. Edit the
/boot/grub/menu.lst file (by typing nano /boot/grub/menu.lst), and
find this section:

## password ['--md5'] passwd
# If used in the first section of a menu file, disable all
interactive editing
# control (menu entry editor and command-line) and entries protected by the
# command 'lock'
# e.g. password topsecret
# password --md5 $1$gLhU0/$aW78kHK1QfV3P2b2znUoe/
# password topsecret

Below that, add:

password --md5 $1$AlfMq1$FxRolxW5XvSLAOksiC7MD1
serial --unit=0 --speed=38400 --word=8 --parity=no --stop=1
terminal --timeout=10 serial console
---

I wonder:

1. is there an updated tuturial on getting a serial console working in f17?

2. since that 2007 tutorial used grub, and fedora 17 uses grub2 I
wonder if there´s also a need to specify a hashed password in a grub2
conf file, and if there are options to use a hashing algorithm
different than md5

Thanks...
FC
--
During times of Universal Deceit, telling the truth becomes a revolutionary act
Durante épocas de Engaño Universal, decir la verdad se convierte en un
Acto Revolucionario
- George Orwell
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 07-09-2012, 04:17 PM
Michael Cronenworth
 
Default md5 and setting up a serial console

Fernando Cassia wrote:
> 1. is there an updated tuturial on getting a serial console working in f17?

F17 uses GRUB2. Find any GRUB2 docs for serial terminals online or at
your terminal:
$ info grub2
/Serial[ENTER]

> 2. since that 2007 tutorial used grub, and fedora 17 uses grub2 I
> wonder if theres also a need to specify a hashed password in a grub2
> conf file, and if there are options to use a hashing algorithm
> different than md5

I believe GRUB2 uses SHA512. You can even pass a salt.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 07-09-2012, 04:23 PM
Fernando Cassia
 
Default md5 and setting up a serial console

On Mon, Jul 9, 2012 at 1:17 PM, Michael Cronenworth <mike@cchtml.com> wrote:
> I believe GRUB2 uses SHA512. You can even pass a salt.

Thanks!
My concern was that grub2 were still using md5

FC
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 

Thread Tools




All times are GMT. The time now is 04:55 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org