feat(login) password login using encrypted nsec

Enables the user to only handle the nsec upon first use of the tool by encrypting it with a password and storing it on disk in an application cache. The approach to encryption draws heavily from that used by the gossip nostr client. - unencrypted nsec is zeroed from memory - a salt is used to defend against rainbow tables - computationally expensive key stretching defends against brute-force attacks of passwords with low entropy. There is UX trade-off between decryption speed and key-stretching computation. This UX challenge is exacerbated in a cli tool as decryption must take place more regularly. Thought was put into the selected n_log and a heavily reduced value is provided for long passwords where security benefits are smaller. A more granular reducing in computation was also considered by rejected to avoided to revealing just how weak a password is as most weak passwords are reused.
author: DanConwayDev <DanConwayDev@protonmail.com> 2023-09-01 00:00:00 +0000
committer: DanConwayDev <DanConwayDev@protonmail.com> 2023-09-01 00:00:00 +0000
commit: 96660a90e4cd296a2922d7a547de4cd9d0b1928b (patch)
tree: e5216e22ee1a3e1653d8d1ecd856f4f03615d6a1 /flake.nix
parent: 6423baebd92e45c9be85157c443dff42e65d8d14 (diff)
1 files changed, 6 insertions, 12 deletions
diff --git a/flake.nix b/flake.nix
index 7c36e2d..2fa8d8a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -18,19 +18,13 @@
        devShells.default = mkShell {
          nativeBuildInputs = [
-            # stable to be introduced when the following issue is resolved
+            # override rustfmt with nightly toolchain version to support unstable features
+            # ideally this wouldn't be pinned to a specific nightly version but
+            # selectLatestNightlyWith isn't support with mixed toolchains
            # https://github.com/oxalica/rust-overlay/issues/136
-            # rust-bin.stable.latest.default
+            (lib.hiPrio rust-bin.nightly."2023-09-01".rustfmt)
-            # nightly for rustfmt
+            rust-bin.stable.latest.default
-            (
-              rust-bin.selectLatestNightlyWith (toolchain: toolchain.default.override {
-                extensions = [
-                  "rust-src"
-                  "rustfmt"
-                  "clippy"
-                ];
-              })
-            )
          ];
          buildInputs = [
author	DanConwayDev <DanConwayDev@protonmail.com>	2023-09-01 00:00:00 +0000
committer	DanConwayDev <DanConwayDev@protonmail.com>	2023-09-01 00:00:00 +0000
commit	96660a90e4cd296a2922d7a547de4cd9d0b1928b (patch)
tree	e5216e22ee1a3e1653d8d1ecd856f4f03615d6a1 /flake.nix
parent	6423baebd92e45c9be85157c443dff42e65d8d14 (diff)

diff --git a/flake.nix b/flake.nix index 7c36e2d..2fa8d8a 100644 --- a/flake.nix +++ b/flake.nix
@@ -18,19 +18,13 @@
18	devShells.default = mkShell {	18	devShells.default = mkShell {
19		19
20	nativeBuildInputs = [	20	nativeBuildInputs = [
21	# stable to be introduced when the following issue is resolved	21	# override rustfmt with nightly toolchain version to support unstable features
		22	# ideally this wouldn't be pinned to a specific nightly version but
		23	# selectLatestNightlyWith isn't support with mixed toolchains
22	# https://github.com/oxalica/rust-overlay/issues/136	24	# https://github.com/oxalica/rust-overlay/issues/136
23	# rust-bin.stable.latest.default	25	(lib.hiPrio rust-bin.nightly."2023-09-01".rustfmt)
24	# nightly for rustfmt	26	rust-bin.stable.latest.default
25	(	27
26	rust-bin.selectLatestNightlyWith (toolchain: toolchain.default.override {
27	extensions = [
28	"rust-src"
29	"rustfmt"
30	"clippy"
31	];
32	})
33	)
34	];	28	];
35		29
36	buildInputs = [	30	buildInputs = [