H@L0_F00 Posted August 27, 2009 Share Posted August 27, 2009 You can password protect your Multipass a couple different ways. You can also use both plain-text or a salted MD5 hash. To generate an MD5 hash of your preferred password 1. Boot up Grub4DOS 2. Press 'c' which brings you to the command line 3. Type in "md5crypt" and press Enter 4. It will ask you for a password, input your password. 5. The hash will be created, write it down EXACTLY HOW IT APPEARS. My USB-TestVM would work well with this so that you can type everything in on the host instead of having to write it all down which can be a pain when you have bad handwriting or can't always decipher your '5' from your 'S.' Now you've got a salted MD5 hash of your password, you can use this instead of plain-text for a little bit more security. (Although the password can EASILY be bypassed with a program as simple as notepad. More on that later.) Ok, now you must implement the password in your menu.lst (this can be used on any .lst file though). Let's say I use the password "multipass" and get the hash of "$1$vqP3$/KfP4fwz0nDBeFiEf0INP0" To password protect editing of the boot options at the Grub4DOS boot (where it shows your menu.lst) default 0 splashimage /multiboot/splashimages/tux.xpm.gz password --md5 $1$vqP3$/KfP4fwz0nDBeFiEf0INP0 This requires the user to "gain privileged control" before editing any of the listed boot options or using the command line. To gain privileged control press 'p', type in your password, and press Enter. Now you can edit the boot options and have access to the command line. You can make it so the user must gain privileged control before executing any of the boot options by using the "lock" command in your boot sequence like this: (Note-you must have a password set at the beginning of the config file (posted above) to use this) title Something lock kernel /multiboot/something/vmlinuz initrd /multiboot/something/initrd.gz Now, if you try to boot "Something" you are denied "Error 32: Must be authenticated" which you solve by authenticating (pressing 'p' and typing in your password). You can add the "lock" command to any boot sequence, just remember that it stops executing when it reaches the "lock" command, so if you put it at the end, it's still bootable without authentication. To request a password when the boot option is selected title Something password --md5 $1$vqP3$/KfP4fwz0nDBeFiEf0INP0 kernel /multiboot/something/vmlinuz initrd /multiboot/something/initrd.gz This will ask for a password when booting "Something" resulting in Error 32 if the password is incorrect. If I wanted, I could replace anywhere where it says "password --md5 $1$vqP3$/KfP4fwz0nDBeFiEf0INP0" with "password multipass" and it will do the exact same thing, except your password is then in plain-text in your menu.lst file. I don't know why you'd want to do this, but you can, so I put it out there. Although this does offer some type of "protection" from unwanted use of your multipass, to bypass it somebody could easily remove the "password" line and they're in. This does not encrypt, hide, or in any other way protect your data, everything is still on you flash drive and the password can be removed by an idiot. Quote Link to comment Share on other sites More sharing options...
Ingo Posted August 27, 2009 Share Posted August 27, 2009 Good guide for people who haven't played around GRUB all that much. My main comment to this is little off-topic, but considering... ... to bypass it somebody could easily remove the "password" line and they're in. ... everything is still on you flash drive and the password can be removed by an idiot. I think the password option (and the lock ofc) are propably ment from PC's where you would use GRUB as your basic boot loader, where I asume you can't just grab the "menu.lst", edit it and put it back in. Just my two cents. Quote Link to comment Share on other sites More sharing options...
Netshroud Posted August 27, 2009 Share Posted August 27, 2009 True, except you can then change the boot priority, boot off a USB, change the menu.lst and boot from the main GRUB :P Quote Link to comment Share on other sites More sharing options...
Ingo Posted August 27, 2009 Share Posted August 27, 2009 True, except you can then change the boot priority, boot off a USB, change the menu.lst and boot from the main GRUB :P Sure, but if someone is paranoid one can always crypt the HDD to prevent this, can't one :P Quote Link to comment Share on other sites More sharing options...
Netshroud Posted August 27, 2009 Share Posted August 27, 2009 Of course. Then we cold-boot it :D Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.