Closed didlich closed 6 years ago
Looks good so far. Nice clean style. @markuskreusch will do a full review.
@markuskreusch I want to ask you about the point in time at which the password is entered when it is read from standard input. In the current implementation the user is asked to input the password shortly before the vault is decrypted. I wonder if we should ask for the password in the args processing step. It has the drawback that the password is stored in memory the whole time the cli is running, but has the advantage that all the passwords are available before we start processing the vaults.
What do you think?
> it has the drawback that the password is stored in memory the whole time the cli is running
Of course we try to have the password as short a time as possible in memory, but even afterwards the derived key would be in memory for as long as the vault is unlocked. An attacker able to create memory dumps would still be able to use this key to decrypt the data. In other words, if the machine is already compromised, all is lost.
So in my opinion it is acceptable to have the password in memory for a longer period, if it serves a purpose.
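The trade-off discussed above, as an added Java example (not code from this pull request or from Cryptomator): passwords are collected up front into `char[]` buffers, each one is wiped as soon as its key is derived, and the derived key stays in memory for as long as the vault is in use. The class and method names, the PBKDF2 stand-in KDF with its parameters, and the sample input and salt are assumptions made for illustration.

```java
import java.io.IOException;
import java.io.Reader;
import java.io.StringReader;
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Added illustration; names, KDF and parameters are assumptions, not the Cryptomator CLI's code.
public class PasswordLifetimeDemo {
    // Read one line into a char[] (never a String, which cannot be wiped afterwards).
    static char[] readPassword(Reader in) throws IOException {
        char[] buf = new char[128];
        int n = 0;
        for (int c; (c = in.read()) != -1 && c != '\n'; ) {
            if (c == '\r') continue;
            if (n == buf.length) throw new IOException("password too long");
            buf[n++] = (char) c;
        }
        char[] pw = Arrays.copyOf(buf, n);
        Arrays.fill(buf, '\0');            // wipe the scratch buffer
        return pw;
    }

    // Stand-in KDF (PBKDF2); wipes the password as soon as the key exists.
    static byte[] deriveKeyAndWipe(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 100_000, 256);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();          // PBEKeySpec keeps its own copy of the password
            Arrays.fill(password, '\0');   // the caller's array is zeroed too
        }
    }

    public static void main(String[] args) throws Exception {
        Reader stdin = new StringReader("pw-one\npw-two\n"); // constructed input, stands in for System.in
        // Args-processing step: every password is collected before any vault is touched.
        char[][] passwords = { readPassword(stdin), readPassword(stdin) };
        byte[] salt = new byte[16];        // constructed fixed salt for the demo
        for (char[] pw : passwords) {
            byte[] key = deriveKeyAndWipe(pw, salt); // pw is zeroed from here on
            System.out.println("password wiped: " + (pw[0] == '\0') + ", key bytes held: " + key.length);
            // The key must stay in memory while the vault is unlocked; wipe it on lock.
            Arrays.fill(key, (byte) 0);
        }
    }
}
```

The second password sits in memory while the first vault is processed, which is the drawback raised in the question; the key held during the unlocked period is the exposure the reply points to.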
@markuskreusch, @overheadhunter hi, could you have a look at the changes?
I am really sorry for the delay. Forgot about this during the holidays. Looks fine now.
implements feature https://github.com/cryptomator/cli/issues/11