Re: [dev] slock with non-system auth

From: Frank Blendinger <fb_AT_intoxicatedmind.net>
Date: Sun, 20 Dec 2009 12:55:09 +0100

Hi.

2009-12-20 12:50, Antoni Grzymala <antoni_AT_chopin.edu.pl>:
> Moritz Wilhelmy dixit (2009-12-20, 12:03):
> > On Sun, Dec 20, 2009 at 11:53:02AM +0100, markus schnalke wrote:
> > > [2009-12-19 21:37] pancake <pancake_AT_youterm.com>
> > >
> > > The password should probably not be a clear text string inside the
> > > binary file, as one can easily read it with `strings slock'.
> > >
> > > Is there a secure hash function in standard C? I think not. Linking
> > > some external library for this, seems to be overkill.
> > > [...]
> There are kernel-based crypto functions (including strong hashes), at
> least in Linux, dunno about other OS'es, so it wouldn't be necessary to
> link to an external library.

What about libc's crypt(3)?

> Still, there'd need to be a simple way to generate the hash, perhaps
> another binary for hashing the stdin would do then? Or slock itself,
> when fed a string.

mkpasswd would be the frontend to crypt(3).

Greetings,
Frank

-- 
Frank Blendinger | fb(at)intoxicatedmind.net | GPG: 0x0BF2FE7A
Fingerprint: BB64 F2B8 DFD8 BF90 0F2E 892B 72CF 7A41 0BF2 FE7A

Received on Sun Dec 20 2009 - 11:55:09 UTC

This archive was generated by hypermail 2.2.0 : Sun Dec 20 2009 - 12:00:03 UTC