[syslinux] PXE and Security Issues

Cristi cristi.mitrana at gmail.com
Thu May 24 03:16:54 PDT 2007


On 5/24/07, H. Peter Anvin <hpa at zytor.com> wrote:
> Plaul, Markus wrote:
> > Hi guys,
> >
> > I'm about to write a project about PXE. How it works etc., but I'm stuck at
> > the security thing. Well, PXE has this menu password feature using SHA-1,
> > but since SHA-1 is hacked, I can't stick with it saying SHA-1 is safe
> > ..etc. What else could I add when it comes to network boot, PXE and
> > security besides BIS? I would really appreciate some ideas or help. Thx
> > in advance
> >
>
> Last I heard SHA-1 was still more secure than MD5 was uncracked, but
> maybe there are updates.
>

SHA-1 'hacked' is a big word. AFAIK, for both MD5 and SHA-1 there are
some 'classes' of bit patterns that can be used to obtain the same
hash by craftily appending them to 2 different strings
(collisions). Obtaining the cleartext from a hashed string by
brute force is still not feasible.
Until a more secure hash algo is found, people could use
SHA-256 and higher, for which the collision attacks are too expensive
to be really a threat.

-- 
mitu
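
The difference between finding a collision and hitting one fixed stored digest, which the reply above turns on, shown as an added example that is not part of the original thread. It truncates SHA-1 to 16 bits (an assumption, so both searches finish in seconds); the function names and the sample secret are constructed for illustration.

```python
import hashlib

BITS = 16  # toy digest size (assumption) so both searches finish in seconds

def toy_hash(msg: bytes) -> int:
    """SHA-1 truncated to BITS bits; stands in for a full-size hash."""
    return int.from_bytes(hashlib.sha1(msg).digest(), "big") >> (160 - BITS)

def find_collision(tag: bytes):
    """The searcher chooses BOTH messages: any two inputs with equal digests."""
    seen = {}
    n = 0
    while True:
        msg = tag + b"-c-%d" % n
        n += 1
        d = toy_hash(msg)
        if d in seen:
            return seen[d], msg, n  # two distinct messages, hashes computed
        seen[d] = msg

def find_preimage(target: int, tag: bytes, limit: int = 1 << 22):
    """The searcher must hit ONE fixed digest, e.g. a stored password hash."""
    for n in range(limit):
        msg = tag + b"-p-%d" % n
        if toy_hash(msg) == target:
            return msg, n + 1
    raise RuntimeError("no preimage within limit")

def compare(trials: int = 8):
    """Average number of hashes each search needs over several runs."""
    stored = toy_hash(b"constructed-menu-password")  # constructed sample secret
    coll = pre = 0
    for t in range(trials):
        tag = b"run%d" % t
        a, b, nc = find_collision(tag)
        assert a != b and toy_hash(a) == toy_hash(b)
        m, npre = find_preimage(stored, tag)
        assert toy_hash(m) == stored
        coll += nc
        pre += npre
    return coll / trials, pre / trials

if __name__ == "__main__":
    c, p = compare()
    print(f"avg hashes to find any collision:   {c:.0f} (order of 2^{BITS // 2})")
    print(f"avg hashes to hit the stored digest: {p:.0f} (order of 2^{BITS})")
```

The collision search scales with the square root of the digest space and the fixed-target search with the whole space, so a weakness in collision resistance does not by itself let anyone recover or match a stored password hash.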



