diff --git a/stand/defaults/loader.conf.5 b/stand/defaults/loader.conf.5
--- a/stand/defaults/loader.conf.5
+++ b/stand/defaults/loader.conf.5
@@ -178,7 +178,15 @@
 Protect boot menu with a password without interrupting
 .Ic autoboot
 process.
-The password should be in clear text format.
+The password may be in clear text format or the
+lua-loader additionally supports
+.Xr crypt 3
+format with algorithms 5 (SHA-256) or 6 (SHA-512).  When using
+.Xr crypt 3
+format passwords remember to escape any
+.Dq Li \[Do]
+with
+.Dq Li \e .
 If a password is set, boot menu will not appear until any key is pressed during
 countdown period specified by
 .Va autoboot_delay
@@ -190,7 +198,15 @@
 .It Ar bootlock_password
 Provides a password to be required by check-password before execution is
 allowed to continue.
-The password should be in clear text format.
+The password may be in clear text format or the
+lua-loader additionally supports
+.Xr crypt 3
+format with algorithms 5 (SHA-256) or 6 (SHA-512).  When using
+.Xr crypt 3
+format passwords remember to escape any
+.Dq Li \[Do]
+with
+.Dq Li \e .
 If a password is set, the user must provide specified password to boot.
 .It Ar verbose_loading
 If set to
diff --git a/stand/lua/Makefile b/stand/lua/Makefile
--- a/stand/lua/Makefile
+++ b/stand/lua/Makefile
@@ -17,7 +17,9 @@
 	color.lua \
 	config.lua \
 	core.lua \
+	crypt.lua \
 	drawer.lua \
+	hashes.lua \
 	hook.lua \
 	loader.lua \
 	gfx-beastie.lua \
diff --git a/stand/lua/crypt.lua b/stand/lua/crypt.lua
new file mode 100644
--- /dev/null
+++ b/stand/lua/crypt.lua
@@ -0,0 +1,326 @@
+local hashes = require("hashes")
+
+local tcpser="$6$2pbcyRkgg8MvJ.K8$b7P4JodZgxezWBIE1xiUPY9a//9NOpTfGWqDLa1Wd37kcZrQN/s0hP/tI.dS2E/Etw7xETK5TmU9IS9lkModf1"
+
+local b64_alphabet = {'.', '/', '0', '1', '2', '3', '4', '5', '6', '7', '8',
+		'9', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K',
+		'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W',
+		'X', 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i',
+		'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u',
+		'v', 'w', 'x', 'y', 'z'}
+
+local shaX_rounds_prefix = "rounds="
+local shaX_rounds_default = 5000
+local shaX_rounds_min = 1000
+local shaX_rounds_max = 999999999
+local shaX_salt_max = 16
+
+local function b64_from_24bit(b2, b1, b0, n)
+	local w = ((b2 & 0xff) << 16) | ((b1 & 0xff) << 8) | (b0 & 0xff)
+	local s = ""
+	for i = 1, n do
+		s = s .. b64_alphabet[ (w & 0x3f) + 1]
+		w = w >> 6
+	end
+	return s
+end
+
+local function min(a, b)
+	if a < b then
+		return a
+	end
+	return b
+end
+
+local function max(a, b)
+	if a > b then
+		return a
+	end
+	return b
+end
+
+local crypt = {}
+
+function crypt.sha256(salthash, password)
+	local rounds = shaX_rounds_default
+	local custom_rounds=false
+
+	if string.sub(salthash, 1, #shaX_rounds_prefix) == shaX_rounds_prefix then
+		local end_rounds = string.find(salthash, "%$")
+		if end_rounds ~= nil then
+			local new_rounds = tonumber(string.sub(salthash, #shaX_rounds_prefix + 1, end_rounds - 1))
+			if new_rounds ~= nil then
+				rounds = max(shaX_rounds_min, min(new_rounds, shaX_rounds_max));
+				custom_rounds=true
+				salthash = string.sub(salthash, end_rounds + 1)
+			end
+		end
+	end
+	local saltsplit = string.find(salthash, '%$')
+	if saltsplit == nil then
+		saltsplit = #salthash+1
+	end
+	if saltsplit > (shaX_salt_max + 1) then
+		saltsplit = shaX_salt_max + 1
+	end
+	local salt = string.sub(salthash, 1, saltsplit-1)
+
+	local sha256 = hashes.sha256()
+	sha256(password)
+	sha256(salt)
+
+	local sha256_alt = hashes.sha256()
+	sha256_alt(password)
+	sha256_alt(salt)
+	sha256_alt(password)
+
+	local alt_result = sha256_alt()
+	-- for each character of the password, add alt_result (wrapping as needed)
+	for cnt = #password, 33, -32 do
+		sha256(alt_result)
+	end
+	sha256(string.sub(alt_result, 1, #password % 32))
+
+	local count = #password
+	while count > 0 do
+		if (count & 1) ~=0 then
+			sha256(alt_result)
+		else
+			sha256(password)
+		end
+		count = count >> 1
+	end
+
+	alt_result=sha256()
+
+	-- P sequence
+	sha256 = hashes.sha256()
+	for cnt=1,#password do
+		sha256(password)
+	end
+	local temp_result = sha256()
+	local p_bytes = ""
+
+	while #p_bytes ~= #password do
+		p_bytes = p_bytes .. string.sub(temp_result, 1,
+			min(#temp_result, #password-#p_bytes))
+	end
+
+	-- S sequence
+	sha256 = hashes.sha256()
+	for cnt=1, 16 + string.byte(alt_result, 1) do
+		sha256(salt)
+	end
+	temp_result = sha256()
+
+	local s_bytes = ""
+	while #s_bytes ~= #salt do
+		s_bytes = s_bytes .. string.sub(temp_result, 1,
+			min(#temp_result, #salt - #s_bytes))
+	end
+
+	for cnt=0, rounds-1 do
+		sha256 = hashes.sha256()
+		if (cnt & 1) ~= 0 then
+			sha256(p_bytes)
+		else
+			sha256(alt_result)
+		end
+		if (cnt % 3) ~= 0 then
+			sha256(s_bytes)
+		end
+		if (cnt % 7) ~= 0 then
+			sha256(p_bytes)
+		end
+		if (cnt & 1) ~= 0 then
+			sha256(alt_result)
+		else
+			sha256(p_bytes)
+		end
+		alt_result = sha256()
+	end
+	local s = "$5$"
+	if custom_rounds then
+		s = s .. "rounds=" .. rounds .. "$"
+	end
+
+	s = s .. salt .. "$"
+	s = s .. b64_from_24bit(string.byte(alt_result, 1), string.byte(alt_result, 11), string.byte(alt_result, 21), 4);
+	s = s .. b64_from_24bit(string.byte(alt_result, 22), string.byte(alt_result, 2), string.byte(alt_result, 12), 4);
+	s = s .. b64_from_24bit(string.byte(alt_result, 13), string.byte(alt_result, 23), string.byte(alt_result, 3), 4);
+	s = s .. b64_from_24bit(string.byte(alt_result, 4), string.byte(alt_result, 14), string.byte(alt_result, 24), 4);
+	s = s .. b64_from_24bit(string.byte(alt_result, 25), string.byte(alt_result, 5), string.byte(alt_result, 15), 4);
+	s = s .. b64_from_24bit(string.byte(alt_result, 16), string.byte(alt_result, 26), string.byte(alt_result, 6), 4);
+	s = s .. b64_from_24bit(string.byte(alt_result, 7), string.byte(alt_result, 17), string.byte(alt_result, 27), 4);
+	s = s .. b64_from_24bit(string.byte(alt_result, 28), string.byte(alt_result, 8), string.byte(alt_result, 18), 4);
+	s = s .. b64_from_24bit(string.byte(alt_result, 19), string.byte(alt_result, 29), string.byte(alt_result, 9), 4);
+	s = s .. b64_from_24bit(string.byte(alt_result, 10), string.byte(alt_result, 20), string.byte(alt_result, 30), 4);
+	s = s .. b64_from_24bit(0, string.byte(alt_result, 32), string.byte(alt_result, 31), 3);
+
+	return s
+end
+
+function crypt.sha512(salthash, password)
+	local rounds = shaX_rounds_default
+	local custom_rounds=false
+	if string.sub(salthash, 1, #shaX_rounds_prefix) == shaX_rounds_prefix then
+		local end_rounds = string.find(salthash, "%$")
+		if end_rounds ~= nil then
+			local new_rounds = tonumber(string.sub(salthash, #shaX_rounds_prefix + 1, end_rounds - 1))
+			if new_rounds ~= nil then
+				rounds = max(shaX_rounds_min, min(new_rounds, shaX_rounds_max));
+				custom_rounds=true
+				salthash = string.sub(salthash, end_rounds + 1)
+			end
+		end
+	end
+	local saltsplit = string.find(salthash, '%$')
+	if saltsplit == nil then
+		saltsplit = #salthash+1
+	end
+	if saltsplit > (shaX_salt_max + 1) then
+		saltsplit = shaX_salt_max + 1
+	end
+	local salt = string.sub(salthash, 1, saltsplit-1)
+	local sha512 = hashes.sha512()
+
+	sha512(password)
+
+	sha512(salt)
+
+	local alt_sha512 = hashes.sha512()
+	alt_sha512(password)
+	alt_sha512(salt)
+	alt_sha512(password)
+	local alt_result = alt_sha512()
+	-- for each character of the password add the alt_result  (wrapping as needed)
+	for cnt = #password, 65, -64 do
+		sha512(alt_result)
+	end
+	sha512(string.sub(alt_result, 1, #password % 64))
+
+	local count = #password
+	while count > 0 do
+		if (count & 1) ~=0 then
+			sha512(alt_result)
+		else
+			sha512(password)
+		end
+		count = count >> 1
+	end
+
+	-- P sequence
+	alt_result=sha512()
+	sha512 = hashes.sha512()
+	for cnt=1,#password do
+		sha512(password)
+	end
+	local temp_result = sha512()
+	local p_bytes = ""
+
+	while #p_bytes ~= #password do
+		p_bytes = p_bytes .. string.sub(temp_result, 1,
+			min(#temp_result, #password-#p_bytes))
+	end
+
+	-- S sequence
+	sha512 = hashes.sha512()
+	for cnt=1, 16 + string.byte(alt_result, 1) do
+		sha512(salt)
+	end
+	temp_result = sha512()
+
+	local s_bytes = ""
+	while #s_bytes ~= #salt do
+		s_bytes = s_bytes .. string.sub(temp_result, 1,
+			min(#temp_result, #salt - #s_bytes))
+	end
+
+	for cnt=0, rounds-1 do
+		sha512 = hashes.sha512()
+		if (cnt & 1) ~= 0 then
+			sha512(p_bytes)
+		else
+			sha512(alt_result)
+		end
+		if (cnt % 3) ~= 0 then
+			sha512(s_bytes)
+		end
+		if (cnt % 7) ~= 0 then
+			sha512(p_bytes)
+		end
+		if (cnt & 1) ~= 0 then
+			sha512(alt_result)
+		else
+			sha512(p_bytes)
+		end
+		alt_result = sha512()
+	end
+	local s = "$6$"
+	if custom_rounds then
+		s = s .. "rounds=" .. rounds .. "$"
+	end
+	s = s .. salt .. "$"
+        s = s .. b64_from_24bit(string.byte(alt_result, 1), string.byte(alt_result, 22), string.byte(alt_result, 43), 4);
+        s = s .. b64_from_24bit(string.byte(alt_result, 23), string.byte(alt_result, 44), string.byte(alt_result, 2), 4);
+        s = s .. b64_from_24bit(string.byte(alt_result, 45), string.byte(alt_result, 3), string.byte(alt_result, 24), 4);
+        s = s .. b64_from_24bit(string.byte(alt_result, 4), string.byte(alt_result, 25), string.byte(alt_result, 46), 4);
+        s = s .. b64_from_24bit(string.byte(alt_result, 26), string.byte(alt_result, 47), string.byte(alt_result, 5), 4);
+        s = s .. b64_from_24bit(string.byte(alt_result, 48), string.byte(alt_result, 6), string.byte(alt_result, 27), 4);
+        s = s .. b64_from_24bit(string.byte(alt_result, 7), string.byte(alt_result, 28), string.byte(alt_result, 49), 4);
+        s = s .. b64_from_24bit(string.byte(alt_result, 29), string.byte(alt_result, 50), string.byte(alt_result, 8), 4);
+        s = s .. b64_from_24bit(string.byte(alt_result, 51), string.byte(alt_result, 9), string.byte(alt_result, 30), 4);
+        s = s .. b64_from_24bit(string.byte(alt_result, 10), string.byte(alt_result, 31), string.byte(alt_result, 52), 4);
+        s = s .. b64_from_24bit(string.byte(alt_result, 32), string.byte(alt_result, 53), string.byte(alt_result, 11), 4);
+        s = s .. b64_from_24bit(string.byte(alt_result, 54), string.byte(alt_result, 12), string.byte(alt_result, 33), 4);
+        s = s .. b64_from_24bit(string.byte(alt_result, 13), string.byte(alt_result, 34), string.byte(alt_result, 55), 4);
+        s = s .. b64_from_24bit(string.byte(alt_result, 35), string.byte(alt_result, 56), string.byte(alt_result, 14), 4);
+        s = s .. b64_from_24bit(string.byte(alt_result, 57), string.byte(alt_result, 15), string.byte(alt_result, 36), 4);
+        s = s .. b64_from_24bit(string.byte(alt_result, 16), string.byte(alt_result, 37), string.byte(alt_result, 58), 4);
+        s = s .. b64_from_24bit(string.byte(alt_result, 38), string.byte(alt_result, 59), string.byte(alt_result, 17), 4);
+        s = s .. b64_from_24bit(string.byte(alt_result, 60), string.byte(alt_result, 18), string.byte(alt_result, 39), 4);
+        s = s .. b64_from_24bit(string.byte(alt_result, 19), string.byte(alt_result, 40), string.byte(alt_result, 61), 4);
+        s = s .. b64_from_24bit(string.byte(alt_result, 41), string.byte(alt_result, 62), string.byte(alt_result, 20), 4);
+        s = s .. b64_from_24bit(string.byte(alt_result, 63), string.byte(alt_result, 21), string.byte(alt_result, 42), 4);
+        s = s .. b64_from_24bit(0, 0, string.byte(alt_result, 64), 2);
+
+	return s
+end
+
+function crypt.compare(entered, stored)
+	algorithm = string.sub(stored, 1, 3)
+	salthash = string.sub(stored,4)
+	if     algorithm == '$5$' then hashed = crypt.sha256(salthash, entered)
+        elseif algorithm == '$6$' then hashed = crypt.sha512(salthash, entered)
+        else return nil
+	end
+	if hashed ~= nil  then
+		return hashed == stored
+	end
+	return nil
+end
+
+--[[
+-- tests
+
+--sha512 -- copied from crypt-sha512.c
+assert(crypt.sha512("saltstring", "Hello world!") == "$6$saltstring$svn8UoSVapNtMuq1ukKS4tPQd8iKwSMHWjl/O817G3uBnIFNjnQJuesI68u4OTLiBFdcbYEdFCoEOfaS35inz1")
+assert(crypt.sha512("rounds=10000$saltstringsaltstring", "Hello world!") == "$6$rounds=10000$saltstringsaltst$OW1/O6BYHV6BcXZu8QVeXbDWra3Oeqh0sbHbbMCVNSnCM/UrjmM0Dp8vOuZeHBy/YTBmSK6H9qs/y3RnOaw5v.")
+assert(crypt.sha512("rounds=5000$toolongsaltstring", "This is just a test") == "$6$rounds=5000$toolongsaltstrin$lQ8jolhgVRVhY4b5pZKaysCLi0QBxGoNeKQzQ3glMhwllF7oGDZxUhx1yxdYcz/e1JSbq3y6JMxxl8audkUEm0")
+assert(crypt.sha512("rounds=1400$anotherlongsaltstring", "a very much longer text to encrypt.  This one even stretches over morethan one line.") == "$6$rounds=1400$anotherlongsalts$POfYwTEok97VWcjxIiSOjiykti.o/pQs.wPvMxQ6Fm7I6IoYN3CmLs66x9t0oSwbtEW7o7UmJEiDwGqd8p4ur1")
+assert(crypt.sha512("rounds=77777$short", "we have a short salt string but not a short password") == "$6$rounds=77777$short$WuQyW2YR.hBNpjjRhpYD/ifIw05xdfeEyQoMxIXbkvr0gge1a1x3yRULJ5CCaUeOxFmtlcGZelFl5CxtgfiAc0")
+assert(crypt.sha512("rounds=123456$asaltof16chars..", "a short string") == "$6$rounds=123456$asaltof16chars..$BtCwjqMJGx5hrJhZywWvt0RLE8uZ4oPwcelCjmw2kSYu.Ec6ycULevoBK25fs2xXgMNrCzIMVcgEJAstJeonj1")
+assert(crypt.sha512("rounds=10$roundstoolow", "the minimum number is still observed") == "$6$rounds=1000$roundstoolow$kUMsbe306n21p9R.FRkW3IGn.S9NPN0x50YhH1xhLsPuWGsUSklZt58jaTfF4ZEQpyUNGc0dqbpBYYBaHHrsX.")
+
+-- sha256 -- copied from crypt-sha256.c
+assert(crypt.sha256("saltstring", "Hello world!") == "$5$saltstring$5B8vYYiY.CVt1RlTTf8KbXBH3hsxY/GNooZaBBGWEc5")
+assert(crypt.sha256("rounds=10000$saltstringsaltstring", "Hello world!") == "$5$rounds=10000$saltstringsaltst$3xv.VbSHBb41AL9AvLeujZkZRBAwqFMz2.opqey6IcA")
+assert(crypt.sha256("rounds=5000$toolongsaltstring", "This is just a test") == "$5$rounds=5000$toolongsaltstrin$Un/5jzAHMgOGZ5.mWJpuVolil07guHPvOW8mGRcvxa5")
+assert(crypt.sha256("rounds=1400$anotherlongsaltstring", "a very much longer text to encrypt.  This one even stretches over morethan one line.") == "$5$rounds=1400$anotherlongsalts$Rx.j8H.h8HjEDGomFU8bDkXm3XIUnzyxf12oP84Bnq1")
+assert(crypt.sha256("rounds=77777$short", "we have a short salt string but not a short password") == "$5$rounds=77777$short$JiO1O3ZpDAxGJeaDIuqCoEFysAe1mZNJRs3pw0KQRd/")
+assert(crypt.sha256("rounds=123456$asaltof16chars..", "a short string") == "$5$rounds=123456$asaltof16chars..$gP3VQ/6X7UUEW3HkBn2w1/Ptq2jxPyzV/cZKmF/wJvD")
+assert(crypt.sha256("rounds=10$roundstoolow", "the minimum number is still observed") == "$5$rounds=1000$roundstoolow$yfvwcWrQ8l/K0DAWyuPMDNHpIVlTQebY9l/gL972bIC")
+
+--]]
+
+return crypt
diff --git a/stand/lua/hashes.lua b/stand/lua/hashes.lua
new file mode 100644
--- /dev/null
+++ b/stand/lua/hashes.lua
@@ -0,0 +1,240 @@
+local sha256_k = {0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b,
+		0x59f111f1, 0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01,
+		0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7,
+		0xc19bf174, 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
+		0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, 0x983e5152,
+		0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147,
+		0x06ca6351, 0x14292967, 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc,
+		0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
+		0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819,
+		0xd6990624, 0xf40e3585, 0x106aa070, 0x19a4c116, 0x1e376c08,
+		0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f,
+		0x682e6ff3, 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
+		0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 }
+
+
+local sha512_k = {0x428a2f98d728ae22, 0x7137449123ef65cd, 0xb5c0fbcfec4d3b2f,
+		0xe9b5dba58189dbbc, 0x3956c25bf348b538, 0x59f111f1b605d019,
+		0x923f82a4af194f9b, 0xab1c5ed5da6d8118, 0xd807aa98a3030242,
+		0x12835b0145706fbe, 0x243185be4ee4b28c, 0x550c7dc3d5ffb4e2,
+		0x72be5d74f27b896f, 0x80deb1fe3b1696b1, 0x9bdc06a725c71235,
+		0xc19bf174cf692694, 0xe49b69c19ef14ad2, 0xefbe4786384f25e3,
+		0x0fc19dc68b8cd5b5, 0x240ca1cc77ac9c65, 0x2de92c6f592b0275,
+		0x4a7484aa6ea6e483, 0x5cb0a9dcbd41fbd4, 0x76f988da831153b5,
+		0x983e5152ee66dfab, 0xa831c66d2db43210, 0xb00327c898fb213f,
+		0xbf597fc7beef0ee4, 0xc6e00bf33da88fc2, 0xd5a79147930aa725,
+		0x06ca6351e003826f, 0x142929670a0e6e70, 0x27b70a8546d22ffc,
+		0x2e1b21385c26c926, 0x4d2c6dfc5ac42aed, 0x53380d139d95b3df,
+		0x650a73548baf63de, 0x766a0abb3c77b2a8, 0x81c2c92e47edaee6,
+		0x92722c851482353b, 0xa2bfe8a14cf10364, 0xa81a664bbc423001,
+		0xc24b8b70d0f89791, 0xc76c51a30654be30, 0xd192e819d6ef5218,
+		0xd69906245565a910, 0xf40e35855771202a, 0x106aa07032bbd1b8,
+		0x19a4c116b8d2d0c8, 0x1e376c085141ab53, 0x2748774cdf8eeb99,
+		0x34b0bcb5e19b48a8, 0x391c0cb3c5c95a63, 0x4ed8aa4ae3418acb,
+		0x5b9cca4f7763e373, 0x682e6ff3d6b2b8a3, 0x748f82ee5defb2fc,
+		0x78a5636f43172f60, 0x84c87814a1f0ab72, 0x8cc702081a6439ec,
+		0x90befffa23631e28, 0xa4506cebde82bde9, 0xbef9a3f7b2c67915,
+		0xc67178f2e372532b, 0xca273eceea26619c, 0xd186b8c721c0c207,
+		0xeada7dd6cde0eb1e, 0xf57d4f7fee6ed178, 0x06f067aa72176fba,
+		0x0a637dc5a2c898a6, 0x113f9804bef90dae, 0x1b710b35131c471b,
+		0x28db77f523047d84, 0x32caab7b40c72493, 0x3c9ebe0a15c9bebc,
+		0x431d67c49c100d4c, 0x4cc5d4becb3e42b6, 0x597f299cfc657e2a,
+		0x5fcb6fab3ad6faec, 0x6c44198c4a475817 }
+
+local function maskn(size)
+	return ~(~0 << size)
+end
+
+local function ror(n, bits, size)
+	return (n >> bits) | ((n << size - bits) & maskn(size))
+end
+
+local function string2number(s, i, len)
+	local n = 0
+	for i = i, i + len - 1 do
+		n = (n<<8) + string.byte(s, i)
+	end
+	return n
+end
+
+local function sha512_block(H, chunk)
+	local w = {}
+	for i = 1, 16 do
+		w[i] = string2number(chunk, ((i-1) * 8)+1, 8)
+	end
+
+	for i = 17, 80 do
+		local v = w[i - 15]
+		local s0 = ror(v, 1, 64) ~ ror(v, 8, 64) ~ (v >> 7)
+		v = w[i - 2]
+		local s1 = ror(v, 19, 64) ~ ror(v, 61, 64) ~ (v >> 6)
+		w[i] = (w[i - 16] + s0 + w[i - 7] + s1) & maskn(64)
+	end
+	local a, b, c, d, e, f, g, h = H[1], H[2], H[3], H[4], H[5], H[6], H[7], H[8]
+
+	for i=1, 80 do
+		local s0 = ror(a, 28, 64) ~ ror(a, 34, 64) ~ ror(a, 39, 64)
+		local maj = (a & b) ~ (a & c) ~ (b & c)
+		local t2 = s0 + maj
+		local s1 = ror(e, 14, 64) ~ ror(e, 18, 64) ~ ror(e, 41, 64)
+		local ch = (e & f) ~ (~e & g)
+		local t1 = h + s1 + ch + sha512_k[i] + w[i]
+
+		h = g
+		g = f
+		f = e
+		e = (d + t1) & maskn(64)
+		d = c
+		c = b
+		b = a
+		a = (t1 + t2) & maskn(64)
+	end
+	H[1] = maskn(64) & (H[1] + a)
+	H[2] = maskn(64) & (H[2] + b)
+	H[3] = maskn(64) & (H[3] + c)
+	H[4] = maskn(64) & (H[4] + d)
+	H[5] = maskn(64) & (H[5] + e)
+	H[6] = maskn(64) & (H[6] + f)
+	H[7] = maskn(64) & (H[7] + g)
+	H[8] = maskn(64) & (H[8] + h)
+end
+
+local function sha256_block(H, chunk)
+	local w = {}
+	for i = 1, 16 do
+		w[i] = string2number(chunk, ((i-1) * 4)+1, 4)
+        end
+
+	for i = 17, 64 do
+		local v = w[i - 15]
+		local s0 = ror(v, 7, 32) ~ ror(v, 18, 32) ~ (v >> 3)
+		v = w[i - 2]
+		local s1 = ror(v, 17, 32) ~ ror(v, 19, 32) ~ (v >> 10)
+		w[i] = (w[i - 16] + s0 + w[i - 7] + s1) & maskn(32)
+	end
+	local a, b, c, d, e, f, g, h = H[1], H[2], H[3], H[4], H[5], H[6], H[7], H[8]
+
+	for i=1, 64 do
+		local s0 = ror(a, 2, 32) ~ ror(a, 13, 32) ~ ror(a, 22, 32)
+		local maj = (a & b) ~ (a & c) ~ (b & c)
+		local t2 = s0 + maj
+		local s1 = ror(e, 6, 32) ~ ror(e, 11, 32) ~ ror(e, 25, 32)
+		local ch = (e & f) ~ (~e & g)
+		local t1 = h + s1 + ch + sha256_k[i] + w[i]
+
+		h = g
+		g = f
+		f = e
+		e = (d + t1) & maskn(32)
+		d = c
+		c = b
+		b = a
+		a = (t1 + t2) & maskn(32)
+	end
+	H[1] = maskn(32) & (H[1] + a)
+	H[2] = maskn(32) & (H[2] + b)
+	H[3] = maskn(32) & (H[3] + c)
+	H[4] = maskn(32) & (H[4] + d)
+	H[5] = maskn(32) & (H[5] + e)
+	H[6] = maskn(32) & (H[6] + f)
+	H[7] = maskn(32) & (H[7] + g)
+	H[8] = maskn(32) & (H[8] + h)
+end
+
+local function number2string(n, length)
+	local s = ""
+	for i=1, length do
+		local rem = n % 256
+		s = string.char(rem) .. s
+		n = n >> 8
+	end
+	return s
+end
+
+local function sha256(msg)
+	local buffer = ""
+	local length = 0
+	local H = {0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f,
+		0x9b05688c, 0x1f83d9ab, 0x5be0cd19 }
+	local function update(msg)
+		if msg then
+			local offset = 1
+			local endrange = 64 - #buffer
+			length = length + #msg
+			buffer = buffer..string.sub(msg, 1, endrange)
+			offset = endrange + 1
+			while (#buffer == 64) do
+				sha256_block(H, buffer)
+				buffer = string.sub(msg, offset, offset + 63)
+				offset = offset + 64
+			end
+			return update
+		else
+			local padding = -(length + 1 + 8) % 64
+			update("\128" .. string.rep("\0", padding) .. number2string(length*8, 8))
+			buffer = nil
+			local result = ""
+			for i=1, 8 do
+				result = result .. number2string(H[i], 4)
+			end
+			return result;
+		end
+	end
+	if msg then
+		return update(msg)()
+	else
+		return update
+	end
+end
+
+local function sha512(msg)
+	local length = 0
+	local buffer = ""
+	local H = {0x6a09e667f3bcc908, 0xbb67ae8584caa73b, 0x3c6ef372fe94f82b,
+		0xa54ff53a5f1d36f1, 0x510e527fade682d1, 0x9b05688c2b3e6c1f,
+		0x1f83d9abfb41bd6b, 0x5be0cd19137e2179}
+	local function update(msg)
+		if msg then
+			local offset = 1
+			local endrange = 128 - #buffer
+			length = length + #msg
+			buffer = buffer..string.sub(msg, 1, endrange)
+			offset = endrange + 1
+			while (#buffer == 128) do
+				sha512_block(H, buffer)
+				buffer = string.sub(msg, offset, offset + 127)
+				offset = offset + 128
+			end
+			return update
+		else
+			local padding = (-(length + 1 + 16) % 128) + 8
+			local padstring = "\128" .. string.rep("\0", padding) .. number2string(length*8, 8)
+			update(padstring)
+			buffer = nil
+			local result = ""
+			for i=1, 8 do
+				result = result .. number2string(H[i], 8)
+			end
+			return result
+		end
+	end
+	if msg then
+		return update(msg)()
+	else
+		return update
+	end
+end
+
+local function string2hex(s)
+	local h = string.gsub(s, ".", function(c) return string.format("%02x", string.byte(c))
+			end)
+	return h
+end
+
+local hashes = {
+	sha256= sha256,
+	sha512= sha512,
+	string2hex= string2hex
+}
+
+return hashes
diff --git a/stand/lua/password.lua b/stand/lua/password.lua
--- a/stand/lua/password.lua
+++ b/stand/lua/password.lua
@@ -31,6 +31,7 @@
 
 local core = require("core")
 local screen = require("screen")
+local crypt = require("crypt")
 
 local password = {}
 
@@ -87,6 +88,16 @@
 end
 
 function password.check()
+	local function compare(entered, stored)
+		if stored == nil then
+			return true
+		end
+		local result = crypt.compare(entered, stored)
+		if result == nil then
+			return entered == stored
+		end
+		return result
+        end
 	-- pwd is optionally supplied if we want to check it
 	local function doPrompt(prompt, pwd)
 		local attempts = 1
@@ -106,7 +117,7 @@
 			screen.defcursor()
 			printc(prompt)
 			local read_pwd = password.read(#prompt)
-			if pwd == nil or pwd == read_pwd then
+			if compare(read_pwd, pwd) then
 				-- Clear the prompt + twiddle
 				printc(string.rep(" ", #prompt + 5))
 				return read_pwd
@@ -116,7 +127,7 @@
 			loader.delay(3*1000*1000)
 		end
 	end
-	local function compare(prompt, pwd)
+	local function pwGate(prompt, pwd)
 		if pwd == nil then
 			return
 		end
@@ -124,7 +135,7 @@
 	end
 
 	local boot_pwd = loader.getenv("bootlock_password")
-	compare("Bootlock password:", boot_pwd)
+	pwGate("Bootlock password:", boot_pwd)
 
 	local geli_prompt = loader.getenv("geom_eli_passphrase_prompt")
 	if geli_prompt ~= nil and geli_prompt:lower() == "yes" then
@@ -141,7 +152,7 @@
 		-- in the middle of other text.
 		setup_screen()
 	end
-	compare("Loader password:", pwd)
+	pwGate("Loader password:", pwd)
 end
 
 return password