Closed sk33z3r closed 2 years ago
Definitely a great idea. I would be reticent to add another passphrase for the user, but you make a good point that the passphrase reset is pretty straightforward.
At a cursory glance there are a few Python libraries that implement JWE or JWT. I believe glitchyg is using JWT. JWT looks pretty cool since it's JSON in, JSON out - just provide the secret. I'd rather use it vs. using bare bcrypt.
We can automate the decrypting by passing the passphrase as a command line argument, or a .env variable for advanced users.
I recently implemented a simple auth system in PHP. I wonder if we should adopt the usual db auth strategy for the tool to make it a bit safer and less sketchy to anyone who is concerned about giving their private key. Even though we don't put it anywhere but the local file, it's still plaintext.
My proposal:
In React:
In Python:
If a user ever forgets their password, then it's easy to re-run the mint config again. I think this will do A LOT for security-conscious folks, and for those that are not we can at least make sure that in the event of accidentally sharing that file or getting compromised, we did not keep their pk in plaintext.
We may want to reach out to glitchyg specifically if/when we implement to make sure he is aware for his automated system.
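
An added example, not part of this thread or the project's code: one way to keep the private key encrypted in the local config file and unlock it with a passphrase from an environment variable or a prompt. It uses scrypt plus AES-GCM from the third-party `cryptography` package rather than the JWT/JWE libraries mentioned above; the function names, record fields and the `TOOL_PASSPHRASE` variable are assumptions.

```python
import base64, getpass, hashlib, json, os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

KDF = {"n": 2**14, "r": 8, "p": 1}   # scrypt cost, stored with the record
AAD = b"pk-v1"                       # binds the ciphertext to this record format

def _derive_key(passphrase: str, salt: bytes, params: dict) -> bytes:
    # Slow, salted KDF: a leaked config file cannot be brute-forced cheaply.
    return hashlib.scrypt(passphrase.encode(), salt=salt, dklen=32, **params)

def seal_private_key(private_key: str, passphrase: str) -> str:
    """Return the JSON record to write to the config file (no plaintext key)."""
    salt, nonce = os.urandom(16), os.urandom(12)   # fresh per encryption
    ct = AESGCM(_derive_key(passphrase, salt, KDF)).encrypt(
        nonce, private_key.encode(), AAD)
    b64 = lambda b: base64.b64encode(b).decode()
    return json.dumps({"v": 1, "kdf": KDF, "salt": b64(salt),
                       "nonce": b64(nonce), "ct": b64(ct)})

def open_private_key(record: str, passphrase: str) -> str:
    """Decrypt the record; fails closed on a bad passphrase or edited file."""
    rec = json.loads(record)
    salt, nonce, ct = (base64.b64decode(rec[k]) for k in ("salt", "nonce", "ct"))
    try:
        key = _derive_key(passphrase, salt, rec["kdf"])
        return AESGCM(key).decrypt(nonce, ct, AAD).decode()
    except InvalidTag:
        raise ValueError("wrong passphrase or modified config") from None

def get_passphrase(env_var: str = "TOOL_PASSPHRASE") -> str:
    # Hypothetical variable name: automation sets it, everyone else is prompted.
    return os.environ.get(env_var) or getpass.getpass("Passphrase: ")

if __name__ == "__main__":
    sample_pk = "PLACEHOLDER-not-a-real-key"       # constructed sample value
    record = seal_private_key(sample_pk, "correct horse battery staple")
    print(record)
    print(open_private_key(record, "correct horse battery staple"))
```

A forgotten passphrase cannot be recovered from the record; the user re-runs the configuration step to create a new one.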