Package: grub-pc Version: 2.02~beta2-19 Severity: wishlist Tags: patch When setting up grub to password-protect commandline edition (see configuration hints in my comment to #545163), it can take some effort in case of error to determine whether the password is wrong, or whether it is wrongly entered because of the keyboard layout.
What I wanted to do is to check that the password I expected was the one in the password_pbkdf2 statement, which required a bit of work, since grub-mkpasswd-pbkdf2 generates a new salt on each run. The attached python script generates the hashed password from the password and the salt. Comparison is lefta as an exercise through visual inspection :)
#!/usr/bin/python from Crypto.Hash import SHA512 import pbkdf2 import sys # default grub-mkpasswd-pbkdf2 settings ITERATIONS = 10000 LENGTH = 64 def unpack(s): if s: return chr(int(s[:2], base=16)) + unpack(s[2:]) return '' _, passwd, salt = sys.argv print pbkdf2.PBKDF2(passwd, unpack(salt), iterations=ITERATIONS, digestmodule=SHA512).hexread(LENGTH).upper()