Open benloh opened 4 years ago
My vote would be to use the hashed sesame approach. Seeing as currently, you have to have one person able to use the terminal anyhow, using it to run one more thing seems pretty straightforward and does increase our security nicely. Let's get @kalanicraig to vote before moving forward, though.
I’m with Joshua, provided the consequences for forgetting and changing are clearly spelled out near the pwd set thing.
On Thu, Aug 6, 2020 at 4:40 PM Joshua Danish notifications@github.com wrote:
My vote would be to use the hashed sesame approach. Seeing as currently, you have to have one person able to use the terminal anyhow, using it to run one more thing seems pretty straightforward and does increase our security nicely. Let's get @kalanicraig https://github.com/kalanicraig to vote before moving forward, though.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/netcreateorg/netcreate-2018/issues/104#issuecomment-670181207, or unsubscribe https://github.com/notifications/unsubscribe-auth/ACKL4NEL3P53B47CRCQ6CQTR7MINDANCNFSM4PW4F5XA .
If I am not misunderstanding, this would just be in the README as you'd go create the password at the terminal. SO, if you forget your password you can go create a new one and drop it into SESAME again. And then use that. So you still need FTP access, etc.
Just to make sure we're on the same page, I believe Joshua is voting for: "a) asking the user to hash it themselves with a terminal utility".
This means we're essentially not changing anything about the workflow other than how you initially generate the password. e.g. instead of uploading a SESAME file, you would use a terminal command to generate the password, something like this:
printf "kpop" | shasum > SESAME
Though there might be issues with having to install the right hash command on some computers, and it may vary across computers.
Hah! I misunderstood what Joshua was saying.
This is also fine, tho I wonder if there’s an web-based utility that might help generate the hash without giving away too much of the security. Most of our folks will be adequate command line users, but it’s nice to have a backup option too.
On Thu, Aug 6, 2020 at 6:11 PM benloh notifications@github.com wrote:
Just to make sure we're on the same page, I believe Joshua is voting for: "a) asking the user to hash it themselves with a terminal utility".
This means we're essentially not changing anything about the workflow other than how you initially generate the password. e.g. instead of uploading a SESAME file, you would use a terminal command to generate the password, something like this:
printf "kpop" | shasum > SESAME
Though there might be issues with having to install the right hash command on some computers, and it may vary across computers.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/netcreateorg/netcreate-2018/issues/104#issuecomment-670216674, or unsubscribe https://github.com/notifications/unsubscribe-auth/ACKL4NCVMNA6RSX7ITVYRATR7MTALANCNFSM4PW4F5XA .
It's easy enough to make the form and create the hash. My concern was more that it presents a use model that encourages changing the password. So my "Pros" and "Cons" were meant to apply to the form model. Sorry 'bout the confusion.
Sorry for the confusion: we have consensus to use the command line approach (number 1).Thanks!
This feature is not yet implemented as of Version 1.3.0
[This is really related to
nc-multiplex
but adding it here so design discussions are mostly in one place.]In preparation for server-specific tokens, Sri raised an issue that we should discuss @jdanish @kalanicraig.
The current approach of using the SESAME file leaves the password sitting on a server in plain text.
We could easily hash it programmatically. But this would mean either:
a) asking the user to hash it themselves with a terminal utility -- or -- b) adding a password-setting form to the
manager
page.With the form, the user would type in their new password, hit "Submit" and the system would hash and save the password in the SESAME (or some other) file.
Pros
Cons
So right now I'm inclined to leave it as-is with the SESAME approach. Any thoughts?