Hello, this mail won't be related to any suckless projects, I am looking for some guidance/tips. If this isn't a good place for such requests I can take a hint.
Since I stumbled upon suckless.org (2-3 weeks) I switched to dwm and st, read the philosophy and many other pages, browsed through some source code, looked up plan 9 in a bit more detail than before, read about 9P, the list could go on for a while, you get the idea. I'm not a C programmer but decided it's time to try and write something useful. Thinking about a good project brought me to password stores. I never liked (or trusted) these big fluffy UI-driven password solutions (god forbid if they offer cloud syncing and such), so I always sticked with pass whenever possible. The only thing I dislike about it is piggybacking on gpg, which is big and scary for people who don't use it on a daily basis and from my own experience hard to understand and set up. Contemplating on what a pass-like password manager needs to do, making it as simple as possible, there's possibly 3 commands needed - init - one-time initialization of the password store, key generation, ... - set - encrypt a password - get - decrypt a password The second piece would be a daemon (agent) that caches the master password like gpg-agent or ssh-agent does. I don't want to focus on this piece until the first one is polished. Trying my hands on putting this together got me this far: https://gitlab.com/xificurC/heslo If you bore with me this far (pardon for the longer introduction) I can finally ask for some guidance: encryption isn't a topic to be taken lightly and I wouldn't like to rely on tips from random people on the internet. Storing passwords requires 1 encryption/decryption algorithm. Which one to choose? I would like to rely on libc only and am naively thinking an encryption/decryption algorithm could be easily copied into the current source code. If anyone finds it fun to look through some newcomer-level source code to give pointers on what should be changed or pinpoint bugs/issues with the code I'd be thrilled. Thanks in advance and reminding once again - if this is inappropriate for this mailing list just say the word. I'm just looking for guidance from people who value simplicity and have experience. -- ------------ Peter Nagy ------------
