auth: add libsodium based hash authentication #585

Draft
wants to merge 2 commits into
base: main

PaideiaDilemma
Collaborator

@PaideiaDilemma PaideiaDilemma commented Dec 16, 2024

This is an alternative to #573 (@spacefrogg let me know what you think)

Some details:

  • password generation is done via the hyprlock-setpwhash utility.
  • salt and hashing algorithm are handled by libsodium (the salt is included in the string that we store)
  • hyprlock-setpwhash can be followed by "interactive", "moderate" or "sensitive", to specify hashing cost. "moderate" is the default

Open stuff:

  • the last commit adding CSensitiveString is optional. not sure if we want it. (separated out).
  • auth:sodium or auth:pwhash?

@PaideiaDilemma PaideiaDilemma marked this pull request as draft December 17, 2024 15:06
@PaideiaDilemma PaideiaDilemma force-pushed the sodium-pwhash-auth branch 2 times, most recently from 81f8e3e to 54c490a Compare December 17, 2024 15:40
@spacefrogg

This one looks nice as well. I think it does not make any meaningful difference to support multiple hash libraries. So, if you feel more comfortable with libsodium (or the Argon2 hash function, respectively), go ahead. By using CSensitiveString, you've committed to libsodium anyhow, AFAIK. (libgcrypt also has an API for sensitive data buffers).

It could be auth:pwhash then.
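
An added example, not part of the thread and not hyprlock code: since the stored string carries the salt and cost parameters, a config audit can read them back without the password. It assumes the stored value is libsodium's Argon2 encoded string and that the three keywords map to libsodium's Argon2id presets (opslimit 2/3/4, memlimit 64 MiB/256 MiB/1 GiB); `parsePwhashStr` and `costLevel` are hypothetical names.

```cpp
// Added example, not hyprlock code. Strings passed in main() are constructed.
#include <cstdio>
#include <string>
#include <vector>

struct PwhashParams {
    std::string alg;                  // e.g. "argon2id"
    unsigned long memKiB = 0, ops = 0, lanes = 0;
    size_t saltChars = 0;             // length of the base64 salt field
    bool ok = false;
};

// Split "$a$b$c" into {"a", "b", "c"}; input not starting with '$' yields {}.
static std::vector<std::string> splitFields(const std::string& s) {
    std::vector<std::string> out;
    size_t pos = 0;
    while (pos < s.size() && s[pos] == '$') {
        size_t next = s.find('$', pos + 1);
        out.push_back(s.substr(pos + 1, next == std::string::npos ? next : next - pos - 1));
        pos = next;                   // npos ends the loop
    }
    return out;
}

// Expected layout: $alg$v=19$m=<KiB>,t=<ops>,p=<lanes>$<salt>$<hash>
PwhashParams parsePwhashStr(const std::string& stored) {
    PwhashParams p;
    auto f = splitFields(stored);
    if (f.size() != 5 || f[0].rfind("argon2", 0) != 0) return p;
    if (std::sscanf(f[2].c_str(), "m=%lu,t=%lu,p=%lu", &p.memKiB, &p.ops, &p.lanes) != 3) return p;
    if (f[3].empty() || f[4].empty()) return p;   // salt and hash must be present
    p.alg = f[0]; p.saltChars = f[3].size(); p.ok = true;
    return p;
}

// Classify against the assumed libsodium Argon2id presets (memory in KiB).
const char* costLevel(const PwhashParams& p) {
    if (!p.ok) return "invalid";
    if (p.ops >= 4 && p.memKiB >= 1048576) return "sensitive";
    if (p.ops >= 3 && p.memKiB >= 262144) return "moderate";
    if (p.ops >= 2 && p.memKiB >= 65536) return "interactive";
    return "below-interactive";
}

int main() {
    auto p = parsePwhashStr("$argon2id$v=19$m=262144,t=3,p=1$c2FsdHNhbHRzYWx0c2FsdA$aGFzaA");
    std::printf("%s m=%luKiB t=%lu -> %s\n", p.alg.c_str(), p.memKiB, p.ops, costLevel(p));
}
```

A value that parses as "invalid" or "below-interactive" is worth flagging, since it is either not a libsodium password hash at all or one cheaper to brute-force than the lowest preset.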
