Marco Ricci committed on 2025-01-07 23:36:49
Showing 1 changed file with 5 insertions and 3 deletions.
The revised wording spells out the strength guarantee of the derivation scheme and the purpose of the configuration file more explicitly. We intentionally keep the introductory sentences (one-line description and first sentence of the first explanatory paragraph) different, because they have different contexts to work with; in particular, the manpage contains a synopsis section and can refer to the SERVICE metavar in its one-line description, whereas the README cannot, and should also mention SSH keys early.
... | ... |
@@ -6,9 +6,11 @@ |
6 | 6 |
An almost faithful Python reimplementation of [James Coglan's `vault`][VAULT], a deterministic password manager/generator. |
7 | 7 |
|
8 | 8 |
Using a master passphrase or a master SSH key, derive a passphrase for a given named service, subject to length, character and character repetition constraints. |
9 |
-The derivation is cryptographically strong, meaning that even if a single passphrase is compromised, guessing the master passphrase or a different service's passphrase is computationally infeasible. |
|
10 |
-The derivation is also deterministic, given the same inputs, thus the resulting passphrase need not be stored explicitly. |
|
11 |
-The service name and constraints themselves also need not be kept secret; the latter are usually stored in a world-readable file. |
|
9 |
+ |
|
10 |
+The derivation is *strong*: derived passphrases have as much entropy as permitted by the master passphrase and the passphrase constraints (whichever is more restrictive), and even if multiple derived passphrases are compromised, the master passphrase remains cryptographically difficult to discern from these compromised passphrases. |
|
11 |
+The derivation is also *deterministic*, given the same inputs, thus the resulting passphrase need not be stored explicitly. |
|
12 |
+ |
|
13 |
+The service name and constraints themselves also need not be kept secret; the latter are usually stored in a world-readable file to ease repeated entry of passphrase constraints. |
|
12 | 14 |
|
13 | 15 |
[VAULT]: https://www.npmjs.com/package/vault |
14 | 16 |
|
15 | 17 |
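Review bot: The rewritten strength sentence (new line 10) drops a guarantee that the removed line made. The old wording said that after a compromise, guessing "the master passphrase or a different service's passphrase is computationally infeasible", while the new wording only says that "the master passphrase remains cryptographically difficult to discern". If a compromised derived passphrase still gives no help in guessing another service's passphrase, state that explicitly, for example by ending the sentence with "the master passphrase and the passphrases of other services remain ...". The phrase "cryptographically difficult to discern" is also vaguer than the removed "computationally infeasible"; keep the earlier term if the claim itself has not changed. In the last added paragraph (new line 13), the commit message says the change clarifies the purpose of the configuration file, but the text still only says "a world-readable file"; calling it the configuration file there would make that link clear.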