Moritz Wilhelmy dixit (2009-12-20, 12:03): > On Sun, Dec 20, 2009 at 11:53:02AM +0100, markus schnalke wrote: > > [2009-12-19 21:37] pancake <[email protected]> > > > > > > I have done two patches for slock. > > > > > > The first simplifying the use of cpp and the other adding user > > > defined password. > > > > The password should probably not be a clear text string inside the > > binary file, as one can easily read it with `strings slock'. > > > > Is there a secure hash function in standard C? I think not. Linking > > some external library for this, seems to be overkill. > > > > Maybe we could give slock a system account to check the password > > against. Thus it must not to be the own account, but can be a special > > slock system user, which exists just for this task. > > > > Unfortunately only root users will have the ability to set different > > passwords then. > > > > > > meillo > > And only root-users will be able to use slock then, so it doesn't > work for people working on public machines, for instance at university.
There are kernel-based crypto functions (including strong hashes), at least in Linux, dunno about other OS'es, so it wouldn't be necessary to link to an external library. Still, there'd need to be a simple way to generate the hash, perhaps another binary for hashing the stdin would do then? Or slock itself, when fed a string. -- [a]
