Skip to content
This repository was archived by the owner on Jun 15, 2023. It is now read-only.

feat: allow keychain interactions without a password#25

Closed
achingbrain wants to merge 1 commit intomasterfrom
do-not-require-passphrase
Closed

feat: allow keychain interactions without a password#25
achingbrain wants to merge 1 commit intomasterfrom
do-not-require-passphrase

Conversation

@achingbrain
Copy link
Member

@achingbrain achingbrain commented Sep 7, 2018
edited
Loading

Possibly contentious PR, but go-ipfs does not require a password to list or generate keys but js-ipfs does. This prevents us from having interop as the behaviour is different.

This PR sets a silly default password to enable this but I'm not 100% convinced any of this is a good idea.

Needed for the tests in ipfs/js-ipfs#1548 and ipfs/interop#35 to pass.

@ghost ghost assigned achingbrain Sep 7, 2018
@ghost ghost added the in progress label Sep 7, 2018
@achingbrain achingbrain mentioned this pull request Sep 7, 2018
Open
@vasco-santos
Copy link
Member

vasco-santos commented Sep 8, 2018
edited
Loading

In my honest opinion, keychain interactions should be protected by a password, as we have in JS land. However, afaik there are no specs for this.

But since we have a different approach from the GO team, we should discuss together and decide if JS should abdicate from this feature, or if they should add this feature on their side.

What do you think?
@libp2p/javascript-team
@libp2p/go-team

@achingbrain
Copy link
Member Author

achingbrain commented Sep 8, 2018

My feeling is that requiring the password for all interactions is a bit heavy handed - the password is not required by the code to list keys in the keychain for example.

@bigs
Copy link

bigs commented Sep 10, 2018

perhaps a flag to allow a user to set a password, similar to how SSH prompts for a password but doesn't require it?

@achingbrain achingbrain changed the title chore: allow keychain interactions without a password feat: allow keychain interactions without a password Sep 10, 2018
daviddias
daviddias reviewed Sep 17, 2018
View reviewed changes
src/keychain.js
hash: 'sha2-512'
}
},
passPhrase: 'correcthorsebatterystaple'
Copy link
Member

@daviddias daviddias Sep 17, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What if the default password is just empty string?

Copy link
Member Author

@achingbrain achingbrain Sep 17, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The code later enforces that the password should be 20+ characters long.

@achingbrain
Copy link
Member Author

achingbrain commented Jan 27, 2023

Closing because this is very old and probably not a good idea.

@achingbrain achingbrain deleted the do-not-require-passphrase branch January 27, 2023 17:03
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

1 more reviewer

@daviddias daviddias daviddias left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@achingbrain achingbrain

Labels

in progress

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@achingbrain @vasco-santos @bigs @daviddias