[Otpasswd-talk] Today's daily observations (dwa)
From: Hannes Beinert
Subject: [Otpasswd-talk] Today's daily observations (dwa)
Date: Thu, 7 Jan 2010 17:43:36 -0600

1. I kind of alluded to it earlier, but you might consider a "brief
usage" message. Personally, I tend to like to keep console clutter to
a minimum. So, for example, what if:

    $ otpasswd --help
    [... does what it does now ...]

but,

    $ otpasswd -h
    Usage: otpasswd [options]
      -k, --key      Generate key
      -r, --remove   Remove key
      -i, --info     Display user configuration
      [... blah blah blah ...]
      -h             Command-line usage summary
      --help         Extended usage summary

Then, for certain UI errors, you could print the more terse usage
summary rather than the long one.

2. I have been thinking... do you think that printing the key/counter
values with an --info option is a security risk? I'm wondering if
these values should only be printed for the administrator... and,
maybe a hash of the key/counter for the user? That way they could
tell if it was the same key/counter, or a different one, but they
wouldn't have the exact value? OTOH, not having access to the
key/counter would make it impossible to use an external passcode
generation device. Hmmm. How about another option flag, such as
"--secret-key"/"-S" (or, "--exact" / "-X", or...?) That way it would
print the hash if the optional --secret-key (or whatever) flag wasn't
used. It would force the user to be deliberate in his choice. This
is the approach that gpg uses for some "private key" operations...

3. In the state files, you are currently saving FIELD_FLAGS as a %u,
when it's a bit-wise encoded field. Wouldn't %x or %o be a little
more "obvious"?

As always, I'm hiding in the bushes throwing hand grenades... ;-)

Hannes.
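
Items 2 and 3 of the message above, sketched as an added example; this is not part of the original post and not otpasswd's own code. The `-i`/`--info` and `-S`/`--secret-key` spellings are the ones proposed in the message; the state layout, the hash label, the 16-byte counter encoding and the 16-character fingerprint length are assumptions made for illustration.

```python
import argparse
import hashlib

# Constructed sample state; the real otpasswd state-file layout is not shown here.
SAMPLE_STATE = {
    "key": bytes.fromhex("000102030405060708090a0b0c0d0e0f" * 2),
    "counter": 42,
    "flags": 0x15,  # bit-wise field, so it is printed in hex below
}

def fingerprint(key: bytes, counter: int) -> str:
    """Short tag for 'same key/counter or not?' comparisons."""
    # Hash key and counter together: a counter hashed alone could be guessed
    # by enumeration. Label and 16-byte counter width are assumptions.
    data = b"info-fingerprint-v1\x00" + key + counter.to_bytes(16, "big")
    return hashlib.sha256(data).hexdigest()[:16]

def render_info(state: dict, show_secret: bool = False) -> list:
    """Lines for --info; exact values only when explicitly requested."""
    if show_secret:
        lines = ["key         = " + state["key"].hex(),
                 "counter     = %d" % state["counter"]]
    else:
        lines = ["fingerprint = " + fingerprint(state["key"], state["counter"])]
    lines.append("flags       = 0x%x" % state["flags"])
    return lines

def main(argv=None) -> int:
    parser = argparse.ArgumentParser(prog="info-sketch")
    parser.add_argument("-i", "--info", action="store_true",
                        help="display user configuration")
    parser.add_argument("-S", "--secret-key", action="store_true",
                        help="with --info, print exact key and counter")
    args = parser.parse_args(argv)
    if args.secret_key and not args.info:
        parser.error("--secret-key only makes sense together with --info")
    if args.info:
        print("\n".join(render_info(SAMPLE_STATE, args.secret_key)))
    return 0

if __name__ == "__main__":
    raise SystemExit(main())
```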