Incorporate revised wording from the manpage into the README
Marco Ricci

Marco Ricci committed on 2025-01-07 23:36:49
Showing 1 changed file with 5 additions and 3 deletions.


The revised wording spells out the strength guarantee of the derivation
scheme and the purpose of the configuration file more explicitly.

We intentionally keep the introductory sentences (one-line description
and first sentence of the first explanatory paragraph) different,
because they have different contexts to work with; in particular, the
manpage contains a synopsis section and can refer to the SERVICE metavar
in its one-line description, whereas the README cannot, and should also
mention SSH keys early.
... ...
@@ -6,9 +6,11 @@
6 6
 An almost faithful Python reimplementation of [James Coglan's `vault`][VAULT], a deterministic password manager/generator.
7 7
 
8 8
 Using a master passphrase or a master SSH key, derive a passphrase for a given named service, subject to length, character and character repetition constraints.
9
-The derivation is cryptographically strong, meaning that even if a single passphrase is compromised, guessing the master passphrase or a different service's passphrase is computationally infeasible.
10
-The derivation is also deterministic, given the same inputs, thus the resulting passphrase need not be stored explicitly.
11
-The service name and constraints themselves also need not be kept secret; the latter are usually stored in a world-readable file.
9
+
10
+The derivation is *strong*: derived passphrases have as much entropy as permitted by the master passphrase and the passphrase constraints (whichever is more restrictive), and even if multiple derived passphrases are compromised, the master passphrase remains cryptographically difficult to discern from these compromised passphrases.
11
+The derivation is also *deterministic*, given the same inputs, thus the resulting passphrase need not be stored explicitly.
12
+
13
+The service name and constraints themselves also need not be kept secret; the latter are usually stored in a world-readable file to ease repeated entry of passphrase constraints.
12 14
 
13 15
 [VAULT]: https://www.npmjs.com/package/vault
14 16
 
15 17
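Review bot: The added sentence beginning "The derivation is *strong*" now covers only the master passphrase, whereas the removed line also stated that guessing "a different service's passphrase" is infeasible after a compromise; that cross-service claim is dropped. If it still holds, state it explicitly, for example "the master passphrase and the passphrases of other services remain cryptographically difficult to discern from these compromised passphrases". The phrase "cryptographically difficult to discern" is also softer and less standard than the "computationally infeasible" it replaces, so consider keeping the original term unless the weakening is intended. Since the same hunk keeps the statement that the service name and constraints are not secret, it would help to note in the "whichever is more restrictive" clause that a low-entropy master passphrase is then the only thing protecting every derived passphrase.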