Detailed explanation: MD5 encryption method of GRUB in Linux

Article Title: Detailed explanation: MD5 encryption method of GRUB in Linux. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.

　　1. Use the grub-md5-crypt to generate the md5 password of GRUB;

Through the grub-md5-crypt to add the password GRUB Password calculation, for example, we want to set the grub Password is 123456, so we first use md5 to encrypt the password 123456

[Root @ linux01 beinan] #/sbin/grub-md5-crypt

Password: Enter 123456 here

Retype password: Enter 123456 again

$1 $7uDL20 $ eSB. XRPG2A2Fv8AeH34nZ0

$1 $7uDL20 $ eSB. XRPG2A2Fv8AeH34nZ0 is the value generated after the password is added through the grub-md5-crypt. We need to remember this value, but it is still a bit useful.

　　2. Change/etc/grub. conf

For example, the content of my original/etc/grub. conf file is as follows.

Default = 1

Timeout = 10

Splashimage = (hd0, 7)/boot/grub/splash.xpm.gz

Title Fedora Core (2.4.22-1.2061.nptl)

Root (hd0, 7)

Kernel/boot/vmlinuz-2.4.22-1.2061.nptl ro root = LABEL =/

Initrd/boot/initrd-2.4.22-1.2061.nptl.img

Title WindowsXP

Rootnoverify (hd0, 0)

Chainloader + 1

Therefore, I want to add password -- md5 $1 $7uDL20 $ eSB. XRPG2A2Fv8AeH34nZ0 to/etc/grub. conf, and where should I add the lock? Please refer to the following changes to the instance;

Timeout = 10

Splashimage = (hd0, 7)/boot/grub/splash.xpm.gz

Password -- md5 $1 $7uDL20 $ eSB. XRPG2A2Fv8AeH34nZ0

Title Fedora Core (2.4.22-1.2061.nptl)

Lock

Root (hd0, 7)

Kernel/boot/vmlinuz-2.4.22-1.2061.nptl ro root = LABEL =/

Initrd/boot/initrd-2.4.22-1.2061.nptl.img

Title WindowsXP

Rootnoverify (hd0, 0)

Chainloader + 1

Lock means that the Redhat Fedora is locked. If an error occurs during startup. Press the P key and then enter the password.

Use the password and lock commands to implement the following encryption methods:

1) encrypt the GRUB interface, instead of adding a line below the timeout line to encrypt the guided system: password -- md5 PASSWORD

2) encrypt the GRUB interface and add a line of password-md5 PASSWORD under the line of title to encrypt the guided system under the timeout line: lock

3) Multiple boot systems exist at the same time. encryption is performed on specific system instances (without GRUB operation interface encryption) by adding a line below the title line: lock is followed by another line below the lock Line: password -- md5 PASSWORD Note: lock cannot be used separately.

Let's take a closer look, from the above we modified/etc/grub. conf has used our first step through the/grub-md5-crypt generated password ?? Is it a bit secure?