md5 and setting up a serial console

Fernando Cassia fcassia at gmail.com
Mon Jul 9 03:47:56 UTC 2012 

Given that MD5 is nowadays considered unsafe

----
In 2004, more serious flaws were discovered in MD5, making further use
of the algorithm for security purposes questionable—specifically, a
group of researchers described how to create a pair of files that
share the same MD5 checksum.[4][5] Further advances were made in
breaking MD5 in 2005, 2006, and 2007.[6] In December 2008, a group of
researchers used this technique to fake SSL certificate
validity,[7][8] and US-CERT now says that MD5 "should be considered
cryptographically broken and unsuitable for further use."[9] and most
U.S. government applications now require the SHA-2 family of hash
functions
----
http://en.wikipedia.org/wiki/MD5

I wonder if following this tutorial is safe

http://www.howtoforge.com/setting_up_a_serial_console

---

GRUB configuration

The next step is to edit the GRUB configuration, so it sends its
messages to the serial console. One of the most important things is to
set a password, otherwise anyone can connect a serial cable, edit the
GRUB configuration line while the system is booting (via the "e" key),
and get root access. When a password is set, interactive menu editing
will be disabled, unless the correct password is entered. To set the
password, we first need to get the encrypted version of it.

Run grub, and use the "md5crypt" command to encrypt the password:

grub> md5crypt

Password: ********
Encrypted: $1$AlfMq1$FxRolxW5XvSLAOksiC7MD1

Copy the encrypted version of the password (we need it for the next
step), and then type quit to exit.

Now, we need to edit the GRUB configuration. Edit the
/boot/grub/menu.lst file (by typing nano /boot/grub/menu.lst), and
find this section:

## password ['--md5'] passwd
   # If used in the first section of a menu file, disable all
interactive editing
   # control (menu entry editor and command-line)  and entries protected by the
   # command 'lock'
   # e.g. password topsecret
   #      password --md5 $1$gLhU0/$aW78kHK1QfV3P2b2znUoe/
   # password topsecret

Below that, add:

password --md5 $1$AlfMq1$FxRolxW5XvSLAOksiC7MD1
serial --unit=0 --speed=38400 --word=8 --parity=no --stop=1
terminal --timeout=10 serial console
---

I wonder:

1. is there an updated tuturial on getting a serial console working in f17?

2. since that 2007 tutorial used grub, and fedora 17 uses grub2 I
wonder if there´s also a need to specify a hashed password in a grub2
conf file, and if there are options to use a hashing algorithm
different than md5

Thanks...
FC
--
During times of Universal Deceit, telling the truth becomes a revolutionary act
Durante épocas de Engaño Universal, decir la verdad se convierte en un
Acto Revolucionario
- George Orwell

More information about the users mailing list