On Sun 22 Apr 2018 at 11:10:24 -0500, David Wright wrote: > On Sat 21 Apr 2018 at 12:43:54 (-0700), David Christensen wrote: > > > > On 04/21/18 08:20, Brian wrote: > > >On Fri 20 Apr 2018 at 17:07:10 -0700, David Christensen wrote: > > > >> As scrypt is going to prompt you for a passphrase anyway, why don't > > >> you leave the script unencrypted and revise it to prompt for the > > >> "important password"? > > > > Please comment. > > One might assume that the script could have a unencrypted option to > select between a number of "important passwords", each of which might > be a long, complex, unmemorable string, subject to frequent changes, > and (or because) exposed to the rest of the world. > > OTOH the passphrase protecting the script might be a single, simple, > fixed, memorable string only exposed to users on the machine in question.
I thought I had indicated my intention to take the advice offered and put the important password (a master password) in a separate file and source it from the script. The script itself does not need encrypting if the master password is not in it. However, I would not want the separate file unencryted because the master password gives access to passwords for all sorts of websites. Users actually have to know this master password. It is a long phrase, not too hard to memorise but tedious to type. As I have said, encrypting the separate file with scrypt allows me to get the decryption password down to a more user-friendly 14 characters. The prompting for the password is done by scrypt. There is no point in multiple people having different passwords. All users here are trusted. -- Brian.