[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: The future of gpassman (was Re: gpasman: Intent to file for removal!)

Manuel Estrada Sainz <ranty@debian.org> writes:

> On Tue, Jan 22, 2002 at 10:18:37AM -0500, Scott Henson wrote:
> > 
> > > Mhmm... it would be nice to fix it and turn it into "Debian passwd
> > > manager"... 
> > > 
> > 
> > Unless someone else wants to take this on I will.  I was looking for
> > something to keep me awake durring my engineering 102 class(they teach
> > C, which I already know).  
>  I have been thinking about gpassman lately, I realy like the idea of a
>  password manager and gpassman has some good ideas, but I don't think
>  that the current implementation is good. Since this may lead to quite a
>  code rewrite, I would like to discuss some issues:
>  o librc2 seams quite unmaintained, I would think about using something
>    else instead for encryption:
>     o gpg --symmetric
>     o libmcrypt
>     o beecrypt2
>    Or even better, apply a bit of abstraction code so the encryption
>    backend can easly be changed in the future.
Yes, plugins would be appropriate.

>  o Letting the user select the algorighm would also be great.
Simple with plugins - just let the user specify the plugin to load.

>  o Making some kind of (per user) password server and an access library
>    for it would be great.
> 	o You tell the server the master password to unlock the password
> 	  database and then any program can query/add/modify passwords
> 	  through the library in the lines of ssh-agent
> 	o If we get all programs using the same password manager that
>           would be a great gain. Instead of having everyone handle
> 	  passwords in their own insecure way.
To get working code quickly, I suggest designing a access library that
can work without a server and implement the server later on.

Andreas Rottmann         | Dru@ICQ        | 118634484@ICQ | a.rottmann@gmx.at
Georg-Rendlweg 28        | A-5111 Bürmoos | Austria       | Europe
http://www.8ung.at/rotty | GnuPG Key: http://www.8ung.at/rotty/gpg.asc
Fingerprint              | DFB4 4EB4 78A4 5EEE 6219  F228 F92F CFC5 01FD 5B62

Reply to: