simon-git: putty (master): Simon Tatham
Commits to Tartarus CVS repository.
tartarus-commits at lists.tartarus.org
Thu Mar 17 18:58:26 GMT 2016
TL;DR:
0fadffe Add command-line passphrase-file options to command-line PuTTYgen.
Repository: git://git.tartarus.org/simon/putty.git
On the web: http://tartarus.org/~simon-git/gitweb/?p=putty.git
Branch updated: master
Committer: Simon Tatham <anakin at pobox.com>
Date: 2016-03-17 18:58:26
commit 0fadffe0cbd191c3125834a1445ebe1885a88295
web diff http://tartarus.org/~simon-git/gitweb/?p=putty.git;a=commitdiff;h=0fadffe0cbd191c3125834a1445ebe1885a88295;hp=5c5879b99d2a0785095a384f48a2d934e1b2d4c5
Author: Simon Tatham <anakin at pobox.com>
Date: Thu Mar 17 18:42:46 2016 +0000
Add command-line passphrase-file options to command-line PuTTYgen.

Patch due to Colin Watson.

Putting the passphrase in a file avoids exposing it to 'ps' which can
print out every process's command line, while at the same time not
being as platform-specific as the approach of providing an fd number
(since cmdgen.c is in principle a potential cross-platform PuTTYgen,
not just a Unix one, which is why it's not in the 'unix' directory).

Of course it introduces its own risks if someone can read the file
from your disk after you delete it; probably the best approach to
avoiding this, if possible, is to point the option at a file on an
in-memory tmpfs type file system. Or better still, use bash-style
/dev/fd options such as

    puttygen --new-passphrase <(echo -n "my passphrase") [options]

Failing that, try a secure file-wipe utility, as the man page change
mentions.

(And a use case not to be overlooked, of course, is the one where you
actually want to generate an unprotected key - in which case, just
pass /dev/null as the filename.)

cmdgen.c | 149 +++++++++++++++++++++++++++++++++++++-------------------
doc/man-pg.but | 20 ++++++--
2 files changed, 114 insertions(+), 55 deletions(-)
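
Added example, not part of the commit or of PuTTY's code: a Linux shell script that shows what 'ps' can read from a process's command line when a passphrase is passed as an argument, compared with passing the path of an owner-only file as --new-passphrase expects. No puttygen is run; the child process is a stand-in shell, 'hypothetical-tool' is a made-up name, and /dev/shm is assumed to be tmpfs where it exists.

```shell
#!/bin/sh
# Added example, Linux only (reads /proc). No real puttygen is run: the
# child below is a stand-in shell that reports its own argv.

# Print a child's argv as ps (or any local user) reads it from /proc.
# "$@" becomes the child's trailing arguments. The trailing ':' stops the
# shell from exec'ing tr, which would replace the argv being inspected.
visible_argv() {
    sh -c 'tr "\000" " " < /proc/$$/cmdline; :' "$@"
}

# Write the passphrase ($1) to a new owner-only file and print its path.
# Prefers /dev/shm (assumed to be tmpfs) so the bytes never reach disk;
# falls back to $TMPDIR or /tmp. No trailing newline is written, matching
# the 'echo -n' in the commit message.
make_passphrase_file() {
    dir=/dev/shm
    [ -d "$dir" ] && [ -w "$dir" ] || dir=${TMPDIR:-/tmp}
    (
        umask 077
        f=$(mktemp "$dir/pp.XXXXXX") || exit 1
        printf '%s' "$1" > "$f"
        printf '%s\n' "$f"
    )
}

demo() {
    secret='constructed-sample-passphrase'   # constructed sample value

    echo "passphrase as an argument (hypothetical tool), seen by ps:"
    visible_argv hypothetical-tool "$secret"; echo

    file=$(make_passphrase_file "$secret") || return 1
    echo "passphrase file as an argument, seen by ps:"
    visible_argv puttygen --new-passphrase "$file"; echo

    rm -f "$file"   # on tmpfs nothing was written to disk
}

demo
```
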