scip/pcp
1
0
Fork 0
mirror of https://codeberg.org/scip/pcp.git synced 2025-12-16 19:40:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
cb654bd48fbe75f17f171d9050fcce447df3700a
pcp/FAQ
Alois 8cd4a18c40 fix typo
2016-07-05 14:56:35 +02:00

61 lines
2.0 KiB
Plaintext
Raw Blame History

= build a static binary =
./configure --disable-debug
make LDFLAGS="-all-static -s"
= choosing a strong passphrase =
A passphrase like Ahc<e3% is not really secure. First
it's difficult to memorize, second it's easy for a computer
to compute. The better aproach is to use a passphrase
you can easily memorize and which is hard for a computer
to compute (i.e. to guess) like: Phantom orchestra boredom popcorn.
Read [1] to learn more.
Pcp doesn't enforce a password policy nor does it check
the password quality. Use something like pwqcheck [2].
= supply password non-interactively without blocking stdin =
Sometimes (e.g. for tests) there's no controlling terminal from
which pcp could request a passphrase if needed. In such cases
you can use the option -X <file> so that it reads the passphrase
from that file.
However if you call -X - then it will read the passphrase from
stdin. But what if the data to be processed shall be read from
stdin as well?
Use a pipe:
mkfifo /tmp/pwpipe
chmod 600 /tmp/pwpipe
export HISTIGNORE=printf
printf "%s\n", "password" > /tmp/pwpipe &
cat cleartext | pcp1 -e -O output -X /tmp/pwpipe
rm -f /tmp/pwpipe
So, what happens here? We create a named pipe in /tmp/pwpipe and
print the passphrase into it. We use printf, because this is a
shell built-in and does not appear in any process listing or
process accounting. But note the '&' after the printf command:
we're sending it into the background. Why? Because a named pipe
is a real simple device. It blocks writing if there's no reader
and it blocks reading if there's no writer. So in our case we
put the passphrase into it, but the printf command will be blocked
until some other process reads it from the pipe, which is precisely
what happens in the next line. Pcp uses the pipe (because of -X),
reads the passphrase from there and proceeds with it's normal
business. Meanwhile the printf command exits.
[1]
https://firstlook.org/theintercept/2015/03/26/passphrases-can-memorize-attackers-cant-guess/
[2]
http://www.openwall.com/passwdqc/
Reference in New Issue View Git Blame Copy Permalink