diff options
| author | DanConwayDev <DanConwayDev@protonmail.com> | 2023-09-01 00:00:00 +0000 |
|---|---|---|
| committer | DanConwayDev <DanConwayDev@protonmail.com> | 2023-09-01 00:00:00 +0000 |
| commit | 96660a90e4cd296a2922d7a547de4cd9d0b1928b (patch) | |
| tree | e5216e22ee1a3e1653d8d1ecd856f4f03615d6a1 /.github/workflows | |
| parent | 6423baebd92e45c9be85157c443dff42e65d8d14 (diff) | |
feat(login) password login using encrypted nsec
Enables the user to only handle the nsec upon first use of the tool
by encrypting it with a password and storing it on disk in an
application cache.
The approach to encryption draws heavily from that used by the gossip
nostr client.
- unencrypted nsec is zeroed from memory
- a salt is used to defend against rainbow tables
- computationally expensive key stretching defends against
brute-force attacks of passwords with low entropy.
There is UX trade-off between decryption speed and key-stretching
computation. This UX challenge is exacerbated in a cli tool as
decryption must take place more regularly. Thought was put into the
selected n_log and a heavily reduced value is provided for long
passwords where security benefits are smaller.
A more granular reducing in computation was also considered by
rejected to avoided to revealing just how weak a password is as most
weak passwords are reused.
Diffstat (limited to '.github/workflows')
0 files changed, 0 insertions, 0 deletions