From 96660a90e4cd296a2922d7a547de4cd9d0b1928b Mon Sep 17 00:00:00 2001
From: DanConwayDev
Date: Fri, 1 Sep 2023 00:00:00 +0000
Subject: feat(login) password login using encrypted nsec Enables the user to only handle the nsec upon first use of the tool by encrypting it with a password and storing it on disk in an application cache. The approach to encryption draws heavily from that used by the gossip nostr client. - unencrypted nsec is zeroed from memory - a salt is used to defend against rainbow tables - computationally expensive key stretching defends against brute-force attacks of passwords with low entropy. There is UX trade-off between decryption speed and key-stretching computation. This UX challenge is exacerbated in a cli tool as decryption must take place more regularly. Thought was put into the selected n_log and a heavily reduced value is provided for long passwords where security benefits are smaller. A more granular reducing in computation was also considered by rejected to avoided to revealing just how weak a password is as most weak passwords are reused.
---
test_utils/Cargo.toml | 2 ++
1 file changed, 2 insertions(+)
(limited to 'test_utils/Cargo.toml')
diff --git a/test_utils/Cargo.toml b/test_utils/Cargo.toml
index e1f6090..1a39957 100644
--- a/test_utils/Cargo.toml
+++ b/test_utils/Cargo.toml
@@ -8,5 +8,7 @@ anyhow = "1.0.75"
 assert_cmd = "2.0.12"
 dialoguer = "0.10.4"
 directories = "5.0.1"
+nostr = "0.23.0"
+once_cell = "1.18.0"
 rexpect = { git = "https://github.com/phaer/rexpect.git", branch= "skip-ansi-escape-codes" }
 strip-ansi-escapes = "0.2.0"
-- cgit v1.2.3
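Review bot: The added `nostr = "0.23.0"` pins the test helpers to the 0.23.x series on their own, so nothing here keeps it on the same version as the crate that actually encrypts and stores the nsec. The root manifest is not part of this view, so this is inferred: if the tool declares `nostr` separately and one side is later bumped to another 0.x release, Cargo builds both copies and the login tests then generate and check keys against a different build of the library than the one shipped. If the repository is a Cargo workspace, declaring the version once under `[workspace.dependencies]` in the root and writing `nostr = { workspace = true }` here removes that drift. Otherwise a comment above the line such as `# keep in sync with the nostr version in the root Cargo.toml` documents the constraint.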