-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Revisit handling of wrapped keys/master passwords #87
Comments
Alternative idea: use an agent-style architecture:
Pros:
Cons:
|
Ratcheting down the security of an agent-style approach: Braindump:
Then, from the client PID:
|
More braindump:
Downside:
|
#103. |
This needs more thought before I or someone else goes and does it, but:
The current master password approach is slightly ugly: it uses a not-very-well-specified POSIX API (named SHM objects) and requires additional hacks for different OSes.
Most modern desktop environments already provide an integrated keychain, and some (like macOS) integrate that keychain tightly into hardened hardware. This makes it an ideal place to store a master password.
There are a few Rust crates for managing system keychains/keyrings:
We should still fall back on the current approach when we fail to detect a suitable keychain to interact with, or if the user specifically requests the current approach.
The text was updated successfully, but these errors were encountered: