From: sirjofri
To: 9front@9front.org
Date: Sun, 28 Apr 2024 10:34:41 +0200 (GMT+02:00)
Subject: [9front] Secstore security questions

Good morning,

I'm thinking about secstore and how to incorporate it in a general use password manager for other systems.

That makes me ask: how secure is secstore security? Thinking about protocol and encryption and stuff, also in combination with a radius server, for example.

In the past I've heard that its security is somewhat outdated and I shouldn't have a public facing secstore server, but I never heard any actual arguments about it.

Given that it's an old software, how secure is it? Should it be updated if used as a public facing service?

sirjofri