[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[STUMP] [PATCH] Add password input facility and a new contrib module
From: |
Lionel Flandrin |
Subject: |
[STUMP] [PATCH] Add password input facility and a new contrib module |
Date: |
Wed, 13 Apr 2011 09:01:45 +0000 |
User-agent: |
Mutt/1.5.20 (2009-06-14) |
Hello,
The first patch adds a :password mode to read-one-line that displays
the input as #\* while it's typed and doesn't store the result in the
history. I also added a new stumpwm-type :password for use in
defcommands.
The second patch, "passwd.lisp", has been inspired by this discussion:
http://news.ycombinator.com/item?id=2430808
The idea is that instead of storing all your passwords in a single
place (or, worse, using the same password everywhere), you can easily
generate unique and complex passwords by using a cryptographic hash
function, a single master passphrase and a simple keyword to identify
the password. For instance, if you decide to use the master passphrase
"passw0rd" and you need a password for your gmail account, you can use:
echo -n gmail | openssl dgst -sha1 -hmac 'passw0rd'
b8b52fd7fc96c8d614c11b002eba34ac7d7adcb5
And use the resulting hash as your password. You can recover the
password at anytime by runnig the same command. Now suppose you need a
password for your corporate intranet, you can use:
echo -n intranet | openssl dgst -sha1 -hmac 'passw0rd'
fa8d038daf9e4a5e872657da7ac5bebfbda77736
Etc... You just have to be careful to pick a convention for your keys
and be sure to remember them.
The passwd module just provides a convenient interface around that, it
asks for your passphrase once and then remembers it for a configurable
amount of time (à la GPG agent or sudo) and stores the generated hash
in the clipboard (before wiping it out with the original clipboard
content after *clipboard-clear-timeout* seconds).
Note that it uses the ironclad package (available from quicklisp) to
compute the HMAC as well as sbcl-specific timer extensions, and thus won't
work out of the box for other implementations.
--
Lionel Flandrin
0001-Add-a-password-mode-to-read-one-line-and-a-new-passw.patch
Description: Text Data
0002-New-contrib-module-passwd.lisp-to-generate-passwords.patch
Description: Text Data
signature.asc
Description: Digital signature
- [STUMP] [PATCH] Add password input facility and a new contrib module,
Lionel Flandrin <=