From 96660a90e4cd296a2922d7a547de4cd9d0b1928b Mon Sep 17 00:00:00 2001
From: DanConwayDev
Date: Fri, 1 Sep 2023 00:00:00 +0000
Subject: feat(login) password login using encrypted nsec

Enables the user to only handle the nsec upon first use of the tool by encrypting it with a password and storing it on disk in an application cache. The approach to encryption draws heavily from that used by the gossip nostr client.

- unencrypted nsec is zeroed from memory
- a salt is used to defend against rainbow tables
- computationally expensive key stretching defends against brute-force attacks of passwords with low entropy.

There is UX trade-off between decryption speed and key-stretching computation. This UX challenge is exacerbated in a cli tool as decryption must take place more regularly. Thought was put into the selected n_log and a heavily reduced value is provided for long passwords where security benefits are smaller. A more granular reducing in computation was also considered by rejected to avoided to revealing just how weak a password is as most weak passwords are reused.
---
 Cargo.toml | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'Cargo.toml')

diff --git a/Cargo.toml b/Cargo.toml
index e745441..6d8ebaf 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -13,16 +13,24 @@ categories = ["command-line-utilities","git"]
 [dependencies]
 anyhow = "1.0.75"
+chacha20poly1305 = "0.10.1"
 clap = { version = "4.3.19", features = ["derive"] }
 dialoguer = "0.10.4"
 directories = "5.0.1"
+keyring = "2.0.5"
+nostr = "0.23.0"
+passwords = "3.1.13"
+scrypt = "0.11.0"
 serde = { version = "1.0.181", features = ["derive"] }
 serde_json = "1.0.105"
+zeroize = "1.6.0"
 [dev-dependencies]
 assert_cmd = "2.0.12"
 duplicate = "1.0.0"
 mockall = "0.11.4"
+once_cell = "1.18.0"
+rexpect = "0.5.0"
 serial_test = "2.0.0"
 test_utils = { path = "test_utils" }
--
cgit v1.2.3
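Review bot: The new cryptographic dependencies (`chacha20poly1305`, `scrypt`, `zeroize`, `keyring`, and `passwords`, which presumably drives the n_log choice) are declared with plain caret ranges, so each fresh `cargo install` resolves to whichever compatible release is newest at that moment; for a binary crate the only thing that makes the crypto dependency set reproducible and reviewable is a committed `Cargo.lock` plus installing with `cargo install --locked`. This cgit view is limited to Cargo.toml, so I cannot tell whether `Cargo.lock` is updated in the same commit — if it is not, it should be, and a `cargo audit`/`cargo deny` run over the five new runtime crates (and `rexpect`/`once_cell` in dev) would be worth adding to CI. The commit message says only the decrypted nsec is zeroed; the password read from the prompt and the scrypt output buffer used as the AEAD key are also application-owned (`scrypt::scrypt` writes into a caller-supplied slice, as I recall), so `zeroize` should be applied to those as well — the implementation is not in this hunk, so please confirm. A short comment above the new entries, e.g. `# nsec-at-rest: scrypt KDF + ChaCha20-Poly1305 AEAD — bump only with Cargo.lock and a review of the KDF parameters`, would stop a future maintainer from treating these like ordinary dependency bumps.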