thorduri
commented
7 years ago Any thoughts on this @klali ?
Looking at ykchalresp.c it should be trivial to add.
Open crepererum opened 9 years ago
thorduri
commented
7 years ago Any thoughts on this @klali ?
Looking at ykchalresp.c it should be trivial to add.
klali
commented
7 years ago Yeah, it should be fairly easy to add. In #73 we added support for reading the challenge from a file (or STDIN). Maybe that solves the same usecase?
thorduri
commented
7 years ago @klali Not really.
I'm a fan of the trifecta of options being available from the command line, environment and config files.
So unless there are objections, I'll whip up a patch to read the challange from YKCHAL.
klali
commented
7 years ago No objections at all.
On Sep 30, 2016 11:06, "Thordur Bjornsson" notifications@github.com wrote:
@klali https://github.com/klali Not really.
I'm a fan of the trifecta of options being available from the command line, environment and config files.
So unless there are objections, I'll whip up a patch to read the challange from YKCHAL.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/Yubico/yubikey-personalization/issues/49#issuecomment-250696566, or mute the thread https://github.com/notifications/unsubscribe-auth/AAQI3bKZYZ7tasXbjbppnkNB_AjAYBBQks5qvNEngaJpZM4CoHB0 .
Vincent43
commented
3 years ago Environment variables are considered to be safe on most Linux systems.
Environment variables definitely aren't considered safe for storing secrets as they leak as easy as command args i.e. with ps ewwax. I advice to not introduce new options that may work as footgun for inexperienced users. Using stdin should be the safe approach.
@klali
Reading a secure challenge from command line arguments isn't safe, because other users and processes are able to read them. Environment variables are considered to be safe on most Linux systems. So it would be great if ykchalresp would be able to read a challenge from an environment variable (e.g. YKCHAL) instead.