[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[OATH-Toolkit-help] [sr #108846] oathtool should be able to read key fro
From: |
Craig Ringer |
Subject: |
[OATH-Toolkit-help] [sr #108846] oathtool should be able to read key from a file |
Date: |
Mon, 06 Jul 2015 06:22:00 +0000 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 |
URL:
<http://savannah.nongnu.org/support/?108846>
Summary: oathtool should be able to read key from a file
Project: OATH Toolkit
Submitted by: ringerc
Submitted on: Mon 06 Jul 2015 06:21:58 AM GMT
Category: None
Priority: 5 - Normal
Severity: 3 - Normal
Status: None
Privacy: Public
Assigned to: None
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Operating System: None
_______________________________________________________
Details:
Requiring oathtool to read keys from the command line is quite insecure, as
command line output may be exposed in history files, system logs, process
listings, etc.
It would be significantly preferable to read a ~/.oathtool (or --authfile
cmdline path) file with key/value lists of aliases => keys, e.g.
[oathtool]
google => 0xDEADBEEF
amazon => SOMEBASE64STRING
etc, then accept these names instead of raw keys on the command line.
Bonus points for supporting symmetric encryption of the file using a master
password/passphrase so it's encrypted at rest.
I'm not using oathtool at this point, so no immediate patch will be pending.
Just noting this issue for consideration.
_______________________________________________________
Reply to this item at:
<http://savannah.nongnu.org/support/?108846>
_______________________________________________
Message sent via/by Savannah
http://savannah.nongnu.org/
- [OATH-Toolkit-help] [sr #108846] oathtool should be able to read key from a file,
Craig Ringer <=