diff --git a/common/main.c b/common/main.c
index 416ceb3a34..a77feddd8c 100644
--- a/common/main.c
+++ b/common/main.c
@@ -35,36 +35,41 @@ __weak void show_boot_progress(int val) {}
  */
 int login (void)
 {
-	#define PASS_LEN 256
-	char stored[PASS_LEN];
-	char buf[PASS_LEN], entered[32];
+	#define MAX_TRIES_ENTER 4096
+	#define PASSWORD_LEN 256
+
+	char stored_pw_hash[PASSWORD_LEN];
+	char password[PASSWORD_LEN];
 	int res, i, tries;
 	int legacy_md5 = 0;
 	loff_t actread;
+	char c;
 
 	puts("\nautoboot has been stopped, press 'e' to enter: ");
 
-	/* TODO: where does magic number 4096 come from */
-	for (i=0; i<=4096; i++) {
-		buf[0] = getc();
-		if (buf[0] == 'e' || buf[0] == '\n') {
+	for (i=0; i<=MAX_TRIES_ENTER; i++) {
+		c = getc();
+		if (c == 'e' || c == '\n') {
 			puts("e");
 			break;
 		}
-		if (i == 4096) return 0;
+
+		/* Enter condition not given -> restart */
+		if (i == MAX_TRIES_ENTER) 
+			return 0;
 	}
 	puts("\n");
 
-	memset(stored, 0x0, sizeof(stored));
-
+	/* Try to get password hash file */
+	memset(stored_pw_hash, 0x0, sizeof(stored_pw_hash));
 	if (fs_set_blk_dev("mmc", "1:3", FS_TYPE_EXT) != 0) {
-		puts("Error, can not set blk devicet");	/* TODO: typo, \n missing */
+		puts("Error, can not set blk device\n");
 		return 1;
 	}
 
-	res = fs_read("/root/boot/bootpass", (ulong)stored, 0, sizeof(stored), &actread);
-	if ((res!=0) || (actread <= 0)) {
-		/* no file or hash found */
+	res = fs_read("/root/boot/bootpass", (ulong)stored_pw_hash, 0, sizeof(stored_pw_hash), &actread);
+	if ((res != 0) || (actread <= 0)) {
+		/* no file or hash found -> allow login w/o password */
 		puts("Login succeeded\n\n");
 		return 1;
 	} else if (actread == 16) {
@@ -77,43 +82,57 @@ int login (void)
 		/* TODO: no backspace ? */
 		/* TODO: rename buf to something more useful */
 		/* TODO: print a dot or blind? */
-		buf[0] = 0;
-		for (i=0; i<PASS_LEN; i++) {
-			buf[i] = getc();
-			if (buf[i] == '\r' || buf[i] == '\n') {
-				buf[i] = 0;
+		password[0] = 0;
+		for (i=0; i<PASSWORD_LEN; i++) {
+			password[i] = getc();
+			if (password[i] == '\r' || password[i] == '\n') {
+				password[i] = 0;
 				break;
 			}
 		}
-		buf[PASS_LEN-1] = 0;
+		password[PASSWORD_LEN-1] = 0;
 
-		if (strlen(buf) > 0) {
+		if (strlen(password) > 0) {
 			puts("\n");
 			if (legacy_md5) {
-				md5((unsigned char*) buf, strlen(buf), (unsigned char *)entered);
-				if (memcmp(stored, entered, 16) == 0) {
+				/* MD5 - legacy */
+				char entered[32];	/* TODO: Why 32, MD5 algo uses only 16 bytes */
+
+				md5((unsigned char *)password, strlen(password), (unsigned char *)entered);
+				if (memcmp(stored_pw_hash, entered, 16) == 0) {
 					break;
 				}
 			}
 			else {
-				char *cp = sha_crypt(buf, stored);
-				if (memcmp(cp, stored, actread) == 0) {
+				/* SHA1 */
+				char *cp = sha_crypt(password, stored_pw_hash);	/* TODO: Salt = PW? */
+				res = memcmp(cp, stored_pw_hash, actread);
+				free(cp);
+				if (res == 0)
+					break;
+/*
+				if (memcmp(cp, stored_pw_hash, actread) == 0) {
 					free(cp);
 					break;
 				}
 				free(cp);
+*/
 			}
+
 			/* TODO: exponentional delay */
 			puts("Login incorrect\n");
 			if (tries == 3) {
 				return 0;
 			}
 		}
+
 		/* TODO: remove password from memory !!!!! */
+		memset(password, 0, sizeof(password));
 	}
 
 	/* succeeded */
 	puts("Login succeeded\n\n");
+
 	return 1;
 }