grub-devel

Re: [PATCH] read --echo=[yes|no|wildcard]


From: Isaac Dupree
Subject: Re: [PATCH] read --echo=[yes|no|wildcard]
Date: Sun, 10 Feb 2008 13:00:50 -0500
User-agent: Thunderbird 2.0.0.6 (X11/20071022)

Robert Millan wrote:
> I think that it'd be better to just erase all our environment in
> grub_machine_fini() or a similar routine, than to give read specific knowledge
> that its data needs this kind of special protection.  Besides, it wouldn't be
> that simple since the data is controlled by the user via grub.cfg, not directly
> by GRUB.

I wonder if this erasing would take any significant amount of time (in which case there would be a reason not to implement that to happen all the time).

> Anyway, until we support hashing this doesn't provide any additional security,
> since you can get the same from grub.cfg ;-)

fairly true, assuming nothing weird happens like grub.cfg being thoroughly deleted in the meantime :-)

anyway if a hash is used that takes (by design) around one second on the machine (e.g. sha256 repeated thousands? millions? of times), then I suppose the time taken to erase the memory used by GRUB would be trivial in comparison, assuming (rightly or wrongly) a good implementation...

-Isaac



