Ventoy Password Plugin

With this plugin, we can set a password for Ventoy or for some image file when boot it.
It should be noted that, this is a very very simple password feature and should only be used for simple protection or misoperation prevention.

Attention: grub's support for numeric keypad is not perfect. So don't use the numeric keypad when you input password.

  • Json Configuration

A password object is defined to describe the configuration in /ventoy/ventoy.json

{
    "password": {
        "bootpwd": "txt#123456",
        "isopwd": "txt#111",
        "wimpwd": "txt#222",
        "imgpwd": "txt#333",
        "vhdpwd": "txt#444",
        "efipwd": "txt#555",
        "vtoypwd": "txt#666",
        "menupwd": [
            {
                "parent":"/MyVhdDir/WindowsVHD",
                "pwd":"md5#def#14fa11b4ab450b0204182266140e284d"
            },
            {
                "file":"/ISO/MX-19.1_x64.iso",
                "pwd":"md5#e10adc3949ba59abbe56e057f20f883e"
            },
            {
                "file":"/ISO/ubuntu-20.04-desktop-amd64.iso",
                "pwd":"md5#abc#0659c7992e268962384eb17fafe88364"
            }
        ]
    }
}

Key Type Description
bootpwd STRING Password when Ventoy is booting. Ventoy will exit after 3 retries.
isopwd STRING Default password for all .iso files. Will return to the main menu if input password is wrong.
wimpwd STRING Default password for all .wim files. Will return to the main menu if input password is wrong.
imgpwd STRING Default password for all .img files. Will return to the main menu if input password is wrong.
vhdpwd STRING Default password for all .vhd/.vhdx files. Will return to the main menu if input password is wrong.
efipwd STRING Default password for all .efi files. Will return to the main menu if input password is wrong.
vtoypwd STRING Default password for all .vtoy files. Will return to the main menu if input password is wrong.
file STRING The full path of the image file. This option supports fuzzy matching, please refer About Path Matching
parent STRING The full path of the parent directory. All files (.iso/.wim/.img ...) will use the same password. The trailing slash must be removed.
pwd STRING Password when booting the image file. Will return to the main menu if input password is wrong.
  • Password Priority

menupwd file > menupwd parent > isopwd/wimpwd/imgpwd...

  • Password Format
Format Example Desc
Plain text txt#123456 Password in simple plain text format. The max length is 32. txt# is a fixed prefix followed by password.
Note that there can be no double quotes in the password " because the embedded json parser is very simple.
Escape characters are also not supported.
Normal MD5 md5#e10adc3949ba59abbe56e057f20f883e A fixed prefix md5# followed by the MD5 hash of the password. In this example, the MD5 is correspond to 123456
Salt MD5 md5#abc#0659c7992e268962384eb17fafe88364 A fixed md5#xxx# prefix followed by a MD5. xxx is the salt with max length 16. The MD5 is correspond to salt+password.
In this example, the password is 123456 and the MD5 is correspond to abc123456.

Here is a brief explanation of the last "salt" MD5.
Becasue that same password will generate same MD5. So, suppose you set the same password for different files, if you use a common MD5 value , so that although others don’t know what the password is, they can tell at a glance that your passwords are the same because they have the same MD5 value. This is not so good.
So here you can add some random characters (which is so called "salt") before the password and then generate the MD5 value of the "spliced" data. The length of "salt" is not fixed, generally a few characters are enough.
For example, the following passwords are all 123456, but correspondingly with a/b/c/d as the "salt", so the MD5 values are completely different.

md5#a#dc483e80a7a0bd9ef71d8cf973673924
md5#b#8df32286deed62bae5bf746672805c78
md5#c#ad07fb25aa2d3a9f96ee12f25e0be902
md5#d#adf00707a1c0154a9ad8edb57c8646f4

Note that when inputting password, only the password part is needed, never input the "salt" part.

  • MD5

You can use some online tool (e.g. https://www.pelock.com/products/hash-calculator ) to generate MD5.
Besides, you can use the following command to generate MD5 if you have a linux shell enviroment. (-n option is necessary)

echo -n 123456|md5sum

  • Multi-Mode

Supported. You can set different configurations for different BIOS mode. Please refer Multi-Mode Option for details.