Re: [dev] slock with non-system auth

From: Antoni Grzymala <antoni_AT_chopin.edu.pl>
Date: Sun, 20 Dec 2009 12:50:01 +0100

Moritz Wilhelmy dixit (2009-12-20, 12:03):

> On Sun, Dec 20, 2009 at 11:53:02AM +0100, markus schnalke wrote:
> > [2009-12-19 21:37] pancake <pancake_AT_youterm.com>
> > >
> > > I have done two patches for slock.
> > >
> > > The first simplifying the use of cpp and the other adding user
> > > defined password.
> >
> > The password should probably not be a clear text string inside the
> > binary file, as one can easily read it with `strings slock'.
> >
> > Is there a secure hash function in standard C? I think not. Linking
> > some external library for this, seems to be overkill.
> >
> > Maybe we could give slock a system account to check the password
> > against. Thus it must not to be the own account, but can be a special
> > slock system user, which exists just for this task.
> >
> > Unfortunately only root users will have the ability to set different
> > passwords then.
> >
> >
> > meillo
>
> And only root-users will be able to use slock then, so it doesn't
> work for people working on public machines, for instance at university.

There are kernel-based crypto functions (including strong hashes), at
least in Linux, dunno about other OS'es, so it wouldn't be necessary to
link to an external library.

Still, there'd need to be a simple way to generate the hash, perhaps
another binary for hashing the stdin would do then? Or slock itself,
when fed a string.

-- 
[a]
Received on Sun Dec 20 2009 - 11:50:01 UTC

This archive was generated by hypermail 2.2.0 : Sun Dec 20 2009 - 12:00:02 UTC