I am currently trying to build a little, secure password manager. As of now, I've implemented the encryption. Each website has its own file and each file has a number of fields (Most commonly username and password). I am using serpent 256 to encrypt the files, and I use a random key (created Crypto.Random in python) that is encrypted using GPG, with a 4k key. Side question: The key is sha256 hashed in order to be able to enter whatever size you want ('cause sha256 always has 256 bit result), do I lose any entropy/security/etc.?
My main question, is how can I securely transfer the decrypted data from my program to, let's say a browser text field or a terminal. I am concerned about keyloggers. So, clipboard is out, virtual typing is out.
I don't know what to google, so search term suggestions are welcome too. I am working on linux (I don't care about other OSes) with python.
The code so far: http://ift.tt/1x6QICq
Aucun commentaire:
Enregistrer un commentaire