Re: can I use a password to select book menu?
From: Glenn Washburn
Subject: Re: can I use a password to select book menu?
Date: Thu, 12 Sep 2013 16:56:50 -0500

Looks like I'm not the only one trying to implement "security through
obscurity". In fact, I've done just what you've suggested, only even
more obscure (the booter doesn't even know he needs to enter a
password). Of course, all my important stuff is encrypted anyway, but
I would like a casual attacker to be misdirected.
Here's an example of what I did:
============================================
echo "This is GRUB. Enter Password:"
read SECRET
if [ "$SECRET" == 'mypass' ]; then
    # Load secret config
else
    # Load normal config
fi
============================================
This still leaves some things to be desired. Notably the password will
show up on the screen. I've not been able to figure out if it's
possible to not output entered text to the screen. Also the password
must be stored in the configfile (I don't think a hash could be used
because a script can't get the output of the hashing commands). So
don't use a super secret password (regardless). You probably want to
have an incorrect password boot Windows directly so as not to give the
user a chance to read your config (possible if user knows grub and cat
module is installed).
I embed this config file in the core.img so it's more difficult for an
attacker to view it (and thus the trickery involved). If it's just
plainly on your filesystem, couldn't they boot to Windows and then view
it?
Cheers
Glenn
On Thu, 12 Sep 2013 16:26:39 +0200
address@hidden wrote:
> Hello,
>
> I was wondering whether I can use a password (and only the password) to
> select the boot device. Like this invented example:
>
> This is GRUB. Enter Password.
>
> Now, if I give, say, "topsecret" as password, the first boot menu will
> be selected, if I give "abcd" the second one. The point is not to let
> the user know if there is more than one boot option.
>
> Why that??
>
> Imagine you're in an airport, say, and have two volumes on your disk. A
> dummy one and an encrypted real one. You're asked to start your
> computer. Okay, no problem Sir, I enter the pass "abcd" and an old
> windoze boots, with some stupid family pictures in it, to divert
> attention. However, if I want to work on it, I enter "topsecret" and
> my encrypted favorite linux boots. It is clear that this type of
> "security" is not really safe, but most such controls are done by
> simple security guys, who will never realize what happens :)
>
> Thanks for help!
>
> _______________________________________________
> Help-grub mailing list
> address@hidden
> https://lists.gnu.org/mailman/listinfo/help-grub
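
For comparison with the plaintext `read`/`if` check in the message above, GRUB's built-in authentication keeps only a PBKDF2 hash in the config. This is an added example, not part of the original thread: the user name, menu titles, devices, kernel paths and the hash are placeholders. It protects entries rather than hiding them, so it does not reproduce the hidden-selection behaviour discussed in the thread.

```grub
# Added example, not from the thread. All names, devices and the hash
# below are placeholders.
#
# Generate the hash on a running system with grub-mkpasswd-pbkdf2 and
# paste its "grub.pbkdf2.sha512..." output in place of the placeholder,
# so the plaintext password never appears in the config file.

set superusers="owner"
password_pbkdf2 owner grub.pbkdf2.sha512.10000.PLACEHOLDER_SALT.PLACEHOLDER_HASH

# Once superusers is set, the GRUB command line and menu entry editing
# are restricted to superusers, so "cat" cannot be used from the
# command line without authenticating first.

# Boots without asking for credentials.
menuentry "Default system" --unrestricted {
    # placeholder device
    set root=(hd0,1)
    chainloader +1
}

# Requires the superuser name and password before it will boot.
menuentry "Restricted system" --users "" {
    # placeholder device and paths
    set root=(hd0,2)
    linux /vmlinuz root=/dev/PLACEHOLDER
    initrd /initrd.img
}
```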