Closed phantomcraft closed 5 years ago
Implemented as -O showsecrets command line option.
Keyboard control is not a preferred method of modifying behavior for this program. Command line options are more usable, especially in scripted and/or automated environments.
In future, there will be a so-called password hashed hint (along with hexdump), which you already may see in action by invoking sksum as: sksum -U pwd -v /dev/null. The program will give you a password hint hash string to memorize:
% sksum -U pwd -v -O showsecrets /dev/null
Enter MAC password: test
MAC password hint: e0c38343e62c15d3 ...C.,..
sksum: read: 0 (0.00B), hashed 0 (0.00B) bytes, (0 (0.00B) B/s)
5H4/hYSkZ/m3T3drWq9+/MtM05T6ag8pgg/mEpji2Pl0n7Hj9JGvHY+vNDGKC1B/APPXgEgycbx9mERQPJONHm/TJ7q69LLKntToGcwyl40FtXPvu0kgZzXQdzhSv7ZcAzOIdTmBAYa0zSJ3KfAAkNMZKwCK9xeSkr4XBj29M0w= /dev/null
Here, e0c38343e62c15d3 ...C.,.. is your typed password hint which is constant between multiple tfcrypt versions and does not depend on your tfcrypt_defs.h compile time defaults.
This could be a much better way to verify that your long typed passwords are OK. Of course, prior to that you will be required to type your password multiple times to verify that you type it correctly, or read the plain password from a separate file.
One interesting feature would be arbitrary length hashes in sksum, as Skein supports this feature; VeraCrypt generates keyfiles up to 2^20 bytes from its hashing kit.
And also, options for executing embedded tfcrypt tools on the command line without having to make symbolic links to them.
Although Skein supports arbitrarily long hashes, tfcrypt is not going to support them as of now, capping at a compile-time maximum number of bits. Sorry.
As for options to invoke embedded programs, it was tried in the past, but it proved to be obscure and hard to maintain. If you need to invoke tfcrypt tools without making symbolic/hard links, try execvp. Its syntax is: execvp /path/to/tfcrypt argv0 argv1 ... . To invoke sksum, invoke as (example for sk224sum): execvp tfcrypt sksum -D 224 -v /etc/passwd . execvp looks up the full path to the binary just as execvp(3) does, if not explicitly given.
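The launcher syntax described in the comment above (file to run first, then the argv[0] the child should see), written out as an added example in C; this is not tfcrypt's own execvp tool. The names child_argv and applet_name are hypothetical, and dispatching on the last path component of argv[0] is an assumption about how a multi-call binary picks its applet.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Split "launcher file argv0 [args...]" into the file to execute and the
 * argument vector the child will see. Returns NULL when file or argv0 is
 * missing or empty, so the caller never execs with an empty argv[0]. */
char **child_argv(int argc, char **argv, const char **file)
{
    if (argc < 3 || argv[1][0] == '\0' || argv[2][0] == '\0')
        return NULL;
    *file = argv[1];
    /* argv[argc] is NULL, so the tail of argv is already a terminated vector. */
    return &argv[2];
}

/* Assumed dispatch key of a multi-call binary: last path component of argv[0]. */
const char *applet_name(const char *argv0)
{
    const char *slash = strrchr(argv0, '/');
    return slash ? slash + 1 : argv0;
}

int main(int argc, char **argv)
{
    const char *file;
    char **cargv = child_argv(argc, argv, &file);

    if (!cargv) {
        fprintf(stderr, "usage: %s file argv0 [args...]\n", argv[0]);
        return 2;
    }
    /* execvp(3) searches PATH only when file contains no slash. */
    execvp(file, cargv);
    perror(file); /* reached only if the exec failed */
    return 127;
}
```

Because the child's argv[0] is chosen by the caller and is independent of the file executed, process listings and audit records that log only argv[0] can differ from the binary that actually ran.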
This option is relevant for those who use long passwords.