Just to "complete" the range of available solutions, here is a small batch, salt.cmd that generates a semi-random 4 characters "salt".
Though it is, rather obviously, painfully slow to execute (about five seconds on my VIA Epia), it generates a "salt" that, though still pseudo-random, appears to be "more" random that the one that grub4dos provides.
The batch includes a limited number of characters (the "safe" ones) and makes a 4 characters salt.
It seems that the
md5crypt command in grub4dos, beside, as said, being linked to system time, produces either a 3 or a 4 character salt.
Most probably the
password command allows also for up to 8 characters in salt, as the original FreeBSD implementation, but I haven't tested it.
As far as making a CD expire I wrote up an autoit script that runs before PEShell (so wpeinit gets loaded with all the nic drivers). It downloads a file that has a date on it. If the current date is equal to or less than 0 then the cd has expired and reboots the machine. If it is not able to download the file (off network or on different network then it uses a specified date thats coded into the script (could use a date of a file creation on the cd as well).
This is great for a work environment. If you suspect someone has a cd of yours you can easily shutdown its use. Also if you want your techies to be sure to have the latest version of VistaPE you know they will be forced to get an update since their CD will expire.
Let me know if you are interested.
@powaking
Don't take it the wrong way
, but it seems to me not the most useful feature.
I mean, assuming that most of the time one boots from a CD for recovery purposes, (and thus it is a very good idea
having it protected with the password to prevent unauthorized use / use by people with not enough knowledge to use it) having this kind of "online verification" means that if something goes wrong with your system and for any reason the network hardware or the server holding the file does not work, you are basically the (proud) user of an unbootable system
AND of an unbootable recovery CD.
Nonetheless, though I personally have not an use for this feature, it is interesting, and the part of loading early in booting and being able to download files from network could be re-used in some other ideas.
So it would be nice if you post it to a new thread (as to not mix too many things in this one) I am sure that some member will appreciate it.
jaclaz
P.S.: The java .exe grubcrypt.exe seems not "portable", here is what I get in a non-java-1.5-installed PC :
grubcrypt testException in thread "main" java.lang.UnsupportedClassVersionError: GrubMd5Crypt(Unsupported major.minor version 49.0) at java.lang.ClassLoader.defineClass0(Native Method) at java.lang.ClassLoader.defineClass(Unknown Source) at java.security.SecureClassLoader.defineClass(Unknown Source) at java.net.URLClassLoader.defineClass(Unknown Source) at java.net.URLClassLoader.access$100(Unknown Source) at java.net.URLClassLoader$1.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) at java.lang.ClassLoader.loadClassInternal(Unknown Source)
there must be some dependency left