Re: [dev] [ANNOUNCE] slock-1.3

From: Anselm R Garbe <garbeam_AT_gmail.com>
Date: Mon, 15 Feb 2016 15:17:54 +0100

On 15 February 2016 at 11:13, Kamil CholewiƄski <harry666t_AT_gmail.com> wrote:
>> slock < password-file
>
> You now have a password in cleartext, which we know is a bad idea. It
> would be better to hash it. Congrats, /etc/passwd & friends reinvented.

Just adopt hmac_sha256[1] into slock.c and put your pw hash into
config.h and deploy slock into your $HOME/bin if the system is shared,
or do it globally if not.

I don't see the need to rely on file or pipe access to read a password
hash from.

[1] http://www.aarongifford.com/computers/sha.html

BR,
Anselm
Received on Mon Feb 15 2016 - 15:17:54 CET

This archive was generated by hypermail 2.3.0 : Mon Feb 15 2016 - 15:24:09 CET