On 15 February 2016 at 11:13, Kamil CholewiĆski <harry666t_AT_gmail.com> wrote:
>> slock < password-file
>
> You now have a password in cleartext, which we know is a bad idea. It
> would be better to hash it. Congrats, /etc/passwd & friends reinvented.
Just adopt hmac_sha256[1] into slock.c and put your pw hash into
config.h and deploy slock into your $HOME/bin if the system is shared,
or do it globally if not.
I don't see the need to rely on file or pipe access to read a password
hash from.
[1]
http://www.aarongifford.com/computers/sha.html
BR,
Anselm
Received on Mon Feb 15 2016 - 15:17:54 CET