[STUMP] [PATCH] Add password input facility and a new contrib module

stumpwm-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[STUMP] [PATCH] Add password input facility and a new contrib module

From:	Lionel Flandrin
Subject:	[STUMP] [PATCH] Add password input facility and a new contrib module
Date:	Wed, 13 Apr 2011 09:01:45 +0000
User-agent:	Mutt/1.5.20 (2009-06-14)

Hello,

The first patch adds a :password mode to read-one-line that displays
the input as #\* while it's typed and doesn't store the result in the
history. I also added a new stumpwm-type :password for use in
defcommands.

The second patch, "passwd.lisp", has been inspired by this discussion:
 http://news.ycombinator.com/item?id=2430808

The idea is that instead of storing all your passwords in a single
place (or, worse, using the same password everywhere), you can easily
generate unique and complex passwords by using a cryptographic hash
function, a single master passphrase and a simple keyword to identify
the password. For instance, if you decide to use the master passphrase
"passw0rd" and you need a password for your gmail account, you can use:

 echo -n gmail | openssl dgst -sha1 -hmac 'passw0rd'
b8b52fd7fc96c8d614c11b002eba34ac7d7adcb5 

And use the resulting hash as your password. You can recover the
password at anytime by runnig the same command. Now suppose you need a
password for your corporate intranet, you can use:

 echo -n intranet | openssl dgst -sha1 -hmac 'passw0rd'
fa8d038daf9e4a5e872657da7ac5bebfbda77736

Etc... You just have to be careful to pick a convention for your keys
and be sure to remember them.

The passwd module just provides a convenient interface around that, it
asks for your passphrase once and then remembers it for a configurable
amount of time (à la GPG agent or sudo) and stores the generated hash
in the clipboard (before wiping it out with the original clipboard
content after *clipboard-clear-timeout* seconds).

Note that it uses the ironclad package (available from quicklisp) to
compute the HMAC as well as sbcl-specific timer extensions, and thus won't
work out of the box for other implementations.
-- 
Lionel Flandrin

0001-Add-a-password-mode-to-read-one-line-and-a-new-passw.patch
Description: Text Data

0002-New-contrib-module-passwd.lisp-to-generate-passwords.patch
Description: Text Data

signature.asc
Description: Digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

[STUMP] [PATCH] Add password input facility and a new contrib module, Lionel Flandrin <=
- Re: [STUMP] [PATCH] Add password input facility and a new contrib module, Ben Spencer, 2011/04/19

Prev by Date: [STUMP] [PATCH] Fix group-map-number when there's a group 0
Next by Date: [STUMP] I published partly Japanese manual
Previous by thread: [STUMP] [PATCH] Fix group-map-number when there's a group 0
Next by thread: Re: [STUMP] [PATCH] Add password input facility and a new contrib module
Index(es):
- Date
- Thread