Skip to content

Commit 836a732

Browse files
besser82besser82
committed
TODO: Style fixes as recommended by codacy.
1 parent d2b3f02 commit 836a732

File tree

1 file changed

+2
-8
lines changed

1 file changed

+2
-8
lines changed

TODO.md

Lines changed: 2 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -27,7 +27,6 @@ It was last updated 20 October 2018.
2727
* something bespoke for not having to write serialization and
2828
deserialization logic for hash strings by hand, as this is
2929
probably the most error-prone part of writing a hashing method
30-
3130
* the most sensitive piece of data handled by this library is a
3231
cleartext passphrase. OS may have trusted-path facilities for
3332
prompting the user for a passphrase and feeding it to a KDF
@@ -53,20 +52,15 @@ It was last updated 20 October 2018.
5352
probably not match them (they have a `crypt.conf` but it’s not the
5453
same, and their `crypt_gensalt` is API-incompatible anyway).
5554

56-
[crypt.conf branch]: https://github.com/besser82/libxcrypt/tree/zack/crypt.conf
57-
5855
* Potential API enhancements:
59-
6056
* Support for "pepper" (an additional piece of information, _not_
6157
stored in the password file, that you need to check a password)
62-
6358
* Reading passphrases from the terminal is finicky and there are
6459
several competing, poorly portable, questionably sound library
6560
functions to do it (`getpass`, `readpassphrase`, etc) -- should we
6661
incorporate one?
6762
* If we do, should it know how to trigger the trusted-path
6863
password prompt in modern GUI environments? (probably)
69-
7064
* Make the crypt and crypt_gensalt static state thread-specific?
7165
* Solaris 11 may have done this (its `crypt(3)` manpage describes
7266
it as MT-Safe and I don’t see any other way they could have
@@ -75,11 +69,9 @@ It was last updated 20 October 2018.
7569
data segment off the shared library
7670
* alternatively, add a global lock and *crash the program* if we
7771
detect concurrent calls
78-
7972
* Allow access to more of yescrypt’s tunable parameters and ROM
8073
feature, in a way that’s generic enough that we could also use it
8174
for e.g. Argon2’s tunable parameters
82-
8375
* Other yescrypt-inspired features relevant to using this library to
8476
back a “dedicated authentication service,” e.g. preallocation of
8577
large blocks of scratch memory
@@ -98,3 +90,5 @@ It was last updated 20 October 2018.
9890
arguably uncopyrightable).
9991
* Most of the test suite lacks any license or even authorship
10092
information. We would have to track down the original authors.
93+
94+
[crypt.conf branch]: https://github.com/besser82/libxcrypt/tree/zack/crypt.conf

0 commit comments

Comments
 (0)