~/.aurvote and passwords

synthead · 2008-04-21 01:00:19

I don't really want to store my password for the AUR in plaintext within ~/.aurvote. Is there a way I could hash it for ~/.aurvote or something?

Last edited by synthead (2008-04-22 09:24:17)

synthead · 2008-04-22 20:17:26

bump

aRcHaTe · 2008-04-22 21:52:56

i dont think so....

DonVla · 2008-04-23 09:02:51

synthead wrote:

I don't really want to store my password for the AUR in plaintext within ~/.aurvote. Is there a way I could hash it for ~/.aurvote or something?

chmod 600 ~/.aurvote, move file to a truecrypt encrypted partition, then use gpg. security first

iphitus · 2008-04-23 09:42:29

You could always patch aurvote.

carlocci · 2008-04-23 14:43:41

synthead wrote:

I don't really want to store my password for the AUR in plaintext within ~/.aurvote. Is there a way I could hash it for ~/.aurvote or something?

If you hash it how would you go back to your key from the hash?
You could encrypt it, but then you would have to use a password to decode it runtime.
Being a bash script, you can easily patch aurvote for asking your password at runtime, I believe.
Just add something like

echo "Insert password"
read PASS

when your .aurvote is sourced.
This way you'll have to enter your password everytime though.

EvilSnowball · 2009-06-21 17:19:23

You could create a separate file – say, ~/auracc – containing something like this:

user:yourUserName
pass:yourPassword

This file could be made readable/writable only by root. Then your ~/.aurvote file could look like this:

user=$(sudo grep "user" ~/auracc | cut -d":" -f2)
pass=$(sudo grep "pass" ~/auracc | cut -d":" -f2)

EDIT: Whoa... Oops! Looks like this thread was over a year old. I thought I saw "2009" where it said "2008". I guess I didn't look at the date long enough...

Last edited by EvilSnowball (2009-06-22 00:43:48)

trusktr · 2010-05-27 20:57:46

I think the easiest thing is just make some random username and password you will never use for anything else, just for aurvote.

Problem solved.

I mean, seriously, if someone steals your aurvote credentials, what are they gunna do? Go around voting for everything? What a waste of time!

j.roszk · 2010-05-27 21:19:46

Someone can put some nasty lines into your PKGBUILDS.

misc · 2010-06-29 21:28:25

edit: Nevermind, it's in ~/.config .

Last edited by misc (2010-06-29 21:37:20)

ricardofunke · 2011-08-12 02:35:02

Yeah I know that is being a long time, but here's my solution:

I put this lines in the .config/aurvote file:

$ cat .config/aurvote
read -p 'Username: ' user
read -s -p 'Password: ' pass
echo

And it works flawlessly! But I think it should be directly in the aurvote code instead of asking you to make that dumb insecure file

fsckd · 2011-08-16 14:40:46

I'm going to go ahead and close this. Whatever answers that could be given have already been given.

I've split the generic discussion on password storage into a new thread found here: https://bbs.archlinux.org/viewtopic.php?pid=976879

Arch Linux

#1 2008-04-21 01:00:19

~/.aurvote and passwords

#2 2008-04-22 20:17:26

Re: ~/.aurvote and passwords

#3 2008-04-22 21:52:56

Re: ~/.aurvote and passwords

#4 2008-04-23 09:02:51

Re: ~/.aurvote and passwords

#5 2008-04-23 09:42:29

Re: ~/.aurvote and passwords

#6 2008-04-23 14:43:41

Re: ~/.aurvote and passwords

#7 2009-06-21 17:19:23

Re: ~/.aurvote and passwords

#8 2010-05-27 20:57:46

Re: ~/.aurvote and passwords

#9 2010-05-27 21:19:46

Re: ~/.aurvote and passwords

#10 2010-06-29 21:28:25

Re: ~/.aurvote and passwords

#11 2011-08-12 02:35:02

Re: ~/.aurvote and passwords

#12 2011-08-16 14:40:46

Re: ~/.aurvote and passwords

Board footer