Password protected BOOT-Proms are a considerable improvement over the standard security measures offered by the PC architecture, but they are still vulnerable to a variety of attacks. Most of these attacks are related to the weaknesses of the BOOTP and TFTP protocol and these issues are discussed in another section of text.
As the BOOT-Prom cannot store the passwords locally, it has to request them from the BOOTP/TFTP server. The BOOTP and TFTP protocols do not allow for any elaborate challenge/response authorization scheme. Thus the BOOT-Prom requests the password from the server and subsequently compares it with the password as input by the user. As packets transmitted on the ethernet can easily be monitored, the server sends a MD5 message digest (as invented by Ron Rivest/"RSA Data Security, Inc.") of the actual password. The BOOT-Prom computes the MD5 value for the user input and compares these two values. It is generally believed that there is no way of computing a valid plain text from a known MD5 message digest, other than comparing it against all conceivable input texts. Thus, this approach is still vulnerable against dictionary attacks. You should aim for using long passwords (although, anything beyond 20 characters is unlikely to considerably improve the security of the password) which are not listed in any dictionary. Make sure that these passwords are memorized and not available in un-encrypted form. Replace the passwords regularly and do not offer more menu entries in the BOOTP data than are absolutely neccessary.