Hi folks, I've been working on improving the security of NuttX's /etc/passwd login system and would like to share the approach and get feedback before the PR( https://github.com/apache/nuttx/pull/19209) is finalized.
Problem The current /etc/passwd implementation uses TEA (Tiny Encryption Algorithm) to store passwords: root:8Tv+Hbmr3pLVb5HHZgd26D:0:0:/ TEA is a symmetric cipher; it encrypts and decrypts. This means: 1. The 4 TEA keys (KEY1-KEY4) must live in firmware flash 2. Anyone with a firmware dump + those keys can decrypt every password directly — no brute force needed Proposed solution Replace TEA with PBKDF2-SHA256, a standard one-way key derivation function New passwd entry format: root:$pbkdf2-sha256$10000$<base64url-salt>$<base64url-hash>:0:0:/ Security properties: - One-way: cannot be reversed even with full passwd file + firmware - Per-hash random 16-byte salt: prevents rainbow table attacks, two users with the same password get different hashes - No keys in firmware: nothing secret to extract from flash - TEA keys (CONFIG_FSUTILS_PASSWD_KEY1..4) removed entirely I also added password complexity enforcement at build time (promptpasswd.sh and mkpasswd): - Minimum 8 characters - At least one uppercase letter (A-Z) - At least one lowercase letter (a-z) - At least one digit (0-9) - At least one special character (!@#$%^&*...) Weak passwords are rejected before they ever reach firmware. Breaking change and migration: Existing TEA hashes will not verify against the new code. For ROMFS targets (sim:login, esp32c3-devkit etc.): make distclean ./tools/configure.sh <board>:<config> make -j$(nproc) # Build prompts for new password # Reflash device No source files are deleted. Only the firmware binary is rebuilt. A trade-off for time present. Build tested on sim:login. Password prompt, complexity validation, hash generation, and login verification all working. Feedback welcome, especially from anyone running writable passwd targets or with very limited CPU. Thanks, Abhishek
