* [9front] Secstore security questions
@ 2024-04-28 8:34 sirjofri
2024-04-28 17:25 ` cinap_lenrek
0 siblings, 1 reply; 2+ messages in thread
From: sirjofri @ 2024-04-28 8:34 UTC (permalink / raw)
To: 9front
Good morning,
I'm thinking about secstore and how to incorporate it in a general use password manager for other systems. That makes me ask: how secure is secstore security? Thinking about protocol and encryption and stuff, also in combination with a radius server, for example.
In the past I've heard that its security is somewhat outdated and I shouldn't have a public facing secstore server, but I never heard any actual arguments about it. Given that it's an old software, how secure is it? Should it be updated if used as a public facing service?
sirjofri
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [9front] Secstore security questions
2024-04-28 8:34 [9front] Secstore security questions sirjofri
@ 2024-04-28 17:25 ` cinap_lenrek
0 siblings, 0 replies; 2+ messages in thread
From: cinap_lenrek @ 2024-04-28 17:25 UTC (permalink / raw)
To: 9front
secstore should be replaced eventually, yes.
for encrypted storage, i wrote stashfs to be eventually
used for this. it uses the scrypt key derivation
function and uses xsalsa for encryption.
and for the pake, we can use dp9ik's pake.
for the file-access, just use 9p instead of
that custom FTP-like protocol.
just need a good way to plug these things together.
--
cinap
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2024-04-28 17:27 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-04-28 8:34 [9front] Secstore security questions sirjofri
2024-04-28 17:25 ` cinap_lenrek
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).