by f154hfds
1913 days ago
This is going to sound sketchy because any software project involving cryptography is automatically sketchy unless it has hit some nebulous and ill-defined 'accepted' status, but I've been working on a CLI tool to manage my passwords for a while that I'm honestly not ready to share, but the architecture so far is very simple:

Each 'service block' is an encrypted file consisting of service name, service password (autogenerated), kv-store, and some metadata for regenerating new passwords.
The key to each service block is the hash of a primary password.
The name of the 'service block' file is the hash of the service name.
All of the service blocks are stored together in a folder that can be rsynced wherever.

My worry is obviously in the crypto. While I'm not doing anything too fancy I worry about timing attacks because an attacker will have the full encrypted block so the system is vulnerable to that sort of thing.