[9front] Factotum "extensions" and secstore security

9front - general discussion about 9front
 help / color / mirror / Atom feed

From: sirjofri <sirjofri+ml-9front@sirjofri.de>
To: 9front@9front.org
Subject: [9front] Factotum "extensions" and secstore security
Date: Sat, 4 Mar 2023 10:40:14 +0100 (GMT+01:00)	[thread overview]
Message-ID: <5840f023-1688-4b96-874a-bf2fd6d1db26@sirjofri.de> (raw)

Hello,

I was wondering how factotum behaves if it's fed with keys that factotum doesn't understand, e.g. with a proto that factotum can't handle?

I'm planning on changing factotum a bit, but maybe only on one machine to keep stability. Though it is easy to just feed the locally adjusted factotum with the new secrets, I'm still wondering if it's fine to keep all the secrets in one file (secstore-style) and if the unchanged factotum will just ignore them.

For those wondering, I'm planning for proto=totp and maybe even an updated secstore that allows for totp-based security since I've heard that secstore isn't secure for modern standards (with the suggestion to only run it on a local network).

So, what's the state of secstore? How would a more secure version of secstore look like?

sirjofri

                 reply	other threads:[~2023-03-04  9:43 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=5840f023-1688-4b96-874a-bf2fd6d1db26@sirjofri.de \
    --to=sirjofri+ml-9front@sirjofri.de \
    --cc=9front@9front.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).