Deployed ffee25004de8 to 0.x with MkDocs 1.6.1 and mike 2.1.3
Marco Ricci committed 50490f6 at 2024-10-21 15:11:06
index.html
<!doctype html> <html lang="en" class="no-js"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width,initial-scale=1"> <meta name="description" content="An almost faithful Python reimplementation of James Coglan's vault."> <meta name="author" content="Marco Ricci"> <link rel="canonical" href="https://the13thletter.info/derivepassphrase/0.x/_future/"> <link rel="icon" href="../assets/images/favicon.png"> <meta name="generator" content="mkdocs-1.6.1, mkdocs-material-9.5.39"> <title>Some ideas for future work - derivepassphrase</title> <link rel="stylesheet" href="../assets/stylesheets/main.8c3ca2c6.min.css"> <style>:root{--md-text-font:"Noto Sans";--md-code-font:"Noto Mono"}</style> <link rel="stylesheet" href="../assets/_mkdocstrings.css"> <link rel="stylesheet" href="../mkdocstrings_recommended_styles.css"> </head> <body dir="ltr"> <input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off"> <input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off"> <label class="md-overlay" for="__drawer"></label> <div data-md-component="skip"> <a href="#some-ideas-for-future-work" class="md-skip"> Skip to content </a> </div> <div data-md-component="announce"> </div> <div data-md-color-scheme="default" data-md-component="outdated" hidden> </div> <div class="md-container" data-md-component="container"> <nav class="md-tabs" aria-label="Tabs" data-md-component="tabs"> <div class="md-grid"> <ul class="md-tabs__list"> <li class="md-tabs__item"> <a href=".." 
class="md-tabs__link"> Overview </a> </li> <li class="md-tabs__item"> <a href="../tutorials/basic-setup-passphrase/" class="md-tabs__link"> Tutorials & Examples </a> </li> <li class="md-tabs__item"> <a href="../reference/" class="md-tabs__link"> Reference </a> </li> <li class="md-tabs__item"> <a href="../changelog/" class="md-tabs__link"> Changelog </a> </li> </ul> </div> </nav> <main class="md-main" data-md-component="main"> <div class="md-main__inner md-grid"> <div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" > <div class="md-sidebar__scrollwrap"> <div class="md-sidebar__inner"> <nav class="md-nav md-nav--primary md-nav--lifted" aria-label="Navigation" data-md-level="0"> <label class="md-nav__title" for="__drawer"> <a href=".." title="derivepassphrase" class="md-nav__button md-logo" aria-label="derivepassphrase" data-md-component="logo"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3 3 3 0 0 0 3 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54"/></svg> </a> derivepassphrase </label> <div class="md-nav__source"> <a href="https://github.com/the-13th-letter/derivepassphrase" title="Go to repository" class="md-source" data-md-component="source"> <div class="md-source__icon md-icon"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! 
Font Awesome Free 6.6.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81"/></svg> </div> <div class="md-source__repository"> the-13th-letter/derivepassphrase </div> </a> </div> <ul class="md-nav__list" data-md-scrollfix> <li class="md-nav__item"> <a href=".." class="md-nav__link"> <span class="md-ellipsis"> Overview </span> </a> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2" > <label class="md-nav__link" for="__nav_2" id="__nav_2_label" tabindex="0"> <span class="md-ellipsis"> Tutorials & Examples </span> <span class="md-nav__icon md-icon"></span> </label> <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_2_label" aria-expanded="false"> <label class="md-nav__title" for="__nav_2"> <span class="md-nav__icon md-icon"></span> Tutorials & Examples </label> <ul class="md-nav__list" data-md-scrollfix> <li class="md-nav__item"> <a href="../tutorials/basic-setup-passphrase/" class="md-nav__link"> <span class="md-ellipsis"> Tutorial: setting up derivepassphrase vault for three accounts, with a master passphrase </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3" > <div class="md-nav__link md-nav__container"> <a href="../reference/" class="md-nav__link "> <span class="md-ellipsis"> Reference </span> 
</a> <label class="md-nav__link " for="__nav_3" id="__nav_3_label" tabindex="0"> <span class="md-nav__icon md-icon"></span> </label> </div> <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_3_label" aria-expanded="false"> <label class="md-nav__title" for="__nav_3"> <span class="md-nav__icon md-icon"></span> Reference </label> <ul class="md-nav__list" data-md-scrollfix> <li class="md-nav__item"> <a href="../reference/derivepassphrase.1/" class="md-nav__link"> <span class="md-ellipsis"> Man page: derivepassphrase </span> </a> </li> <li class="md-nav__item"> <a href="../reference/derivepassphrase-vault.1/" class="md-nav__link"> <span class="md-ellipsis"> Man page: derivepassphrase-vault </span> </a> </li> <li class="md-nav__item"> <a href="../reference/derivepassphrase-export.1/" class="md-nav__link"> <span class="md-ellipsis"> Man page: derivepassphrase-export </span> </a> </li> <li class="md-nav__item"> <a href="../reference/derivepassphrase-export-vault.1/" class="md-nav__link"> <span class="md-ellipsis"> Man page: derivepassphrase-export-vault </span> </a> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3_6" > <label class="md-nav__link" for="__nav_3_6" id="__nav_3_6_label" tabindex="0"> <span class="md-ellipsis"> Module derivepassphrase </span> <span class="md-nav__icon md-icon"></span> </label> <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_3_6_label" aria-expanded="false"> <label class="md-nav__title" for="__nav_3_6"> <span class="md-nav__icon md-icon"></span> Module derivepassphrase </label> <ul class="md-nav__list" data-md-scrollfix> <li class="md-nav__item"> <a href="../reference/derivepassphrase.cli/" class="md-nav__link"> <span class="md-ellipsis"> Submodule cli </span> </a> </li> <li class="md-nav__item"> <a href="../reference/derivepassphrase.exporter/" class="md-nav__link"> <span class="md-ellipsis"> Subpackage exporter </span> </a> </li> <li 
class="md-nav__item"> <a href="../reference/derivepassphrase.sequin/" class="md-nav__link"> <span class="md-ellipsis"> Submodule sequin </span> </a> </li> <li class="md-nav__item"> <a href="../reference/derivepassphrase.ssh_agent/" class="md-nav__link"> <span class="md-ellipsis"> Submodule ssh_agent </span> </a> </li> <li class="md-nav__item"> <a href="../reference/derivepassphrase._types/" class="md-nav__link"> <span class="md-ellipsis"> Submodule _types </span> </a> </li> <li class="md-nav__item"> <a href="../reference/derivepassphrase.vault/" class="md-nav__link"> <span class="md-ellipsis"> Submodule vault </span> </a> </li> </ul> </nav> </li> </ul> </nav> </li> <li class="md-nav__item"> <a href="../changelog/" class="md-nav__link"> <span class="md-ellipsis"> Changelog </span> </a> </li> </ul> </nav> </div> </div> </div> <div class="md-sidebar md-sidebar--secondary" data-md-component="sidebar" data-md-type="toc" > <div class="md-sidebar__scrollwrap"> <div class="md-sidebar__inner"> <nav class="md-nav md-nav--secondary" aria-label="Table of contents"> <label class="md-nav__title" for="__toc"> <span class="md-nav__icon md-icon"></span> Table of contents </label> <ul class="md-nav__list" data-md-component="toc" data-md-scrollfix> <li class="md-nav__item"> <a href="#subcommands" class="md-nav__link"> <span class="md-ellipsis"> Subcommands </span> </a> <nav class="md-nav" aria-label="Subcommands"> <ul class="md-nav__list"> <li class="md-nav__item"> <a href="#derivation-schemes" class="md-nav__link"> <span class="md-ellipsis"> Derivation schemes </span> </a> </li> <li class="md-nav__item"> <a href="#other-functionality" class="md-nav__link"> <span class="md-ellipsis"> Other functionality </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item"> <a href="#documentation" class="md-nav__link"> <span class="md-ellipsis"> Documentation </span> </a> <nav class="md-nav" aria-label="Documentation"> <ul class="md-nav__list"> <li class="md-nav__item"> <a href="#tutorials" 
class="md-nav__link"> <span class="md-ellipsis"> Tutorials </span> </a> </li> <li class="md-nav__item"> <a href="#how-tos" class="md-nav__link"> <span class="md-ellipsis"> How-tos </span> </a> </li> <li class="md-nav__item"> <a href="#reference" class="md-nav__link"> <span class="md-ellipsis"> Reference </span> </a> </li> <li class="md-nav__item"> <a href="#explanation" class="md-nav__link"> <span class="md-ellipsis"> Explanation </span> </a> </li> </ul> </nav> </li> </ul> </nav> </div> </div> </div> <div class="md-content" data-md-component="content"> <article class="md-content__inner md-typeset"> <a href="https://github.com/the-13th-letter/derivepassphrase/raw/master/docs/_future.md" title="View source of this page" class="md-content__button md-icon"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M17 18c.56 0 1 .44 1 1s-.44 1-1 1-1-.44-1-1 .44-1 1-1m0-3c-2.73 0-5.06 1.66-6 4 .94 2.34 3.27 4 6 4s5.06-1.66 6-4c-.94-2.34-3.27-4-6-4m0 6.5a2.5 2.5 0 0 1-2.5-2.5 2.5 2.5 0 0 1 2.5-2.5 2.5 2.5 0 0 1 2.5 2.5 2.5 2.5 0 0 1-2.5 2.5M9.27 20H6V4h7v5h5v4.07c.7.08 1.36.25 2 .49V8l-6-6H6a2 2 0 0 0-2 2v16a2 2 0 0 0 2 2h4.5a8.2 8.2 0 0 1-1.23-2"/></svg> </a> <h1 id="some-ideas-for-future-work">Some ideas for future work<a class="headerlink" href="#some-ideas-for-future-work" title="Permanent link">¶</a></h1> <h2 id="subcommands">Subcommands<a class="headerlink" href="#subcommands" title="Permanent link">¶</a></h2> <p>(In no particular order.)</p> <h3 id="derivation-schemes">Derivation schemes<a class="headerlink" href="#derivation-schemes" title="Permanent link">¶</a></h3> <ul> <li><code>spectre</code> (<code>master-password</code>): derive passphrases according to the “Master Password” scheme as used by the Spectre app. 
(<a href="https://github.com/the-13th-letter/derivepassphrase/issues/2">#2</a>)</li> </ul> <h3 id="other-functionality">Other functionality<a class="headerlink" href="#other-functionality" title="Permanent link">¶</a></h3> <ul> <li><code>explore-permitted-special-characters</code>: generate new configurations starting from a base configuration until one of them passes the “special characters” constraints.</li> <li><code>rotate</code>: generate a new configuration suitable for passphrase rotation, compatible with the base configuration’s constraints.</li> <li> <p><code>service-plugins</code>: manage plugins that automate certain tasks, as outlined in the notes of the queried service.</p> <ul> <li> <p><code>load-ssh-key</code>: if the service uses an SSH key, autoload the key from a well-known location into the SSH agent if it isn’t already loaded.</p> <p><code>vault</code>-specific.</p> </li> <li> <p><code>decrypt-notes</code>: decrypt OpenPGP-encrypted notes with GnuPG or Sequoia <code>sq</code>.</p> <p>Open questions:</p> <ul> <li>Use an automatic, symmetric encryption key, or rely on the standard OpenPGP key store? 
(Do <em>not</em> use the derived service passphrase for this: the quality may be arbitrarily bad due to the passphrase constraints, and the service itself could compromise that passphrase.)</li> </ul> </li> <li> <p><code>generate-otp</code>: if the service uses two-factor authentication and the configuration contains one-time password settings, call <code>oathtool</code> to obtain one or more OTPs.</p> <p>May require the <code>decrypt-notes</code> plugin first.</p> </li> <li> <p><code>manage-runit-services</code>: if the service contains <code>runit</code> service configuration, ensure the specified <code>runit</code> services are running concurrently, and stopped after signalling.</p> <p>Typical use case is a service only accessible via VPN or SSH proxy, where the VPN/proxy would run as a <code>runit</code> service.</p> <p>Open questions:</p> <ul> <li>Interface with <code>inotifywait</code> to wait for SSH control socket?</li> </ul> </li> </ul> </li> </ul> <h2 id="documentation">Documentation<a class="headerlink" href="#documentation" title="Permanent link">¶</a></h2> <p>(Categorized as per <a href="https://diataxis.fr">the diataxis framework</a>, but otherwise in no particular order.)</p> <h3 id="tutorials">Tutorials<a class="headerlink" href="#tutorials" title="Permanent link">¶</a></h3> <ul> <li><a href="../tutorials/basic-setup-passphrase/">Setting up <code>derivepassphrase</code> from scratch for three existing accounts, with a master passphrase</a></li> <li>Setting up <code>derivepassphrase</code> from scratch for three existing accounts, with a new SSH key</li> </ul> <h3 id="how-tos">How-tos<a class="headerlink" href="#how-tos" title="Permanent link">¶</a></h3> <ul> <li>How to set up <code>derivepassphrase</code> with an SSH key</li> <li>How to choose a good service name</li> <li>How to edit a saved <code>derivepassphrase vault</code> configuration correctly</li> <li>How to deal with “supported” and “unsupported” special characters</li> <li>How to deal with 
regular passphrase rotation/rollover</li> </ul> <h3 id="reference">Reference<a class="headerlink" href="#reference" title="Permanent link">¶</a></h3> <ul> <li><code>derivepassphrase-vault.json</code>(<b>5</b>)</li> </ul> <h3 id="explanation">Explanation<a class="headerlink" href="#explanation" title="Permanent link">¶</a></h3> <ul> <li>Security aspects and other tradeoffs when using deterministic password generators</li> <li>Tradeoffs between a master passphrase and a master SSH key</li> <li>Why is <code>vault</code>’s <code>--repeat</code> option named this way if it counts occurrences, not repetitions?</li> <li>Why are master SSH keys not supported under Windows?</li> </ul> </article> </div> </div> </main> <footer class="md-footer"> <div class="md-footer-meta md-typeset"> <div class="md-footer-meta__inner md-grid"> <div class="md-copyright"> <div class="md-copyright__highlight"> Copyright © 2024 Marco Ricci (the-13th-letter) </div> Made with <a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener"> Material for MkDocs </a> and <a href="https://mkdocstrings.github.io/python/" target="_blank" rel="noopener"> mkdocstrings-python </a> </div> </div> </div> </footer> </div> <div class="md-dialog" data-md-component="dialog"> <div class="md-dialog__inner md-typeset"></div> </div> </body> </html>