search

evgeny-gridasov / openvpn-otp

OpenVPN OTP token support plugin
GNU General Public License v3.0
279 stars 74 forks source link

Plaintext PIN/password #40

Open wrossmann opened 3 years ago

wrossmann commented 3 years ago

It's a bit disappointing to see plaintext password storage in 2021, eg:

alice otp totp:sha1:base32:46HV5FIYE33TKWYP:5uP3rH4x0r:xxx *

It should be relatively simple to shim in crypt-compatible hashing, eg:

alice otp totp:sha1:base32:46HV5FIYE33TKWYP:$2y$10$HM6II7ESXVFq1XaylSa1R.8rNEhhlY4r74tRNFxIzWt94wyjJlDFW:xxx *
evgeny-gridasov commented 3 years ago

Yes I agree, that was on my todo list for quite a while. Perhaps I should do it.

evgeny-gridasov commented 3 years ago

There is a pending PR, will review it some time during the week.

xcrezd commented 3 years ago

waiting for this feature too