summaryrefslogtreecommitdiffstats
path: root/src/home/homework-password-cache.h
diff options
context:
space:
mode:
Diffstat (limited to 'src/home/homework-password-cache.h')
-rw-r--r--src/home/homework-password-cache.h12
1 files changed, 8 insertions, 4 deletions
diff --git a/src/home/homework-password-cache.h b/src/home/homework-password-cache.h
index fdfbcfe..e2d86eb 100644
--- a/src/home/homework-password-cache.h
+++ b/src/home/homework-password-cache.h
@@ -5,8 +5,9 @@
#include "user-record.h"
typedef struct PasswordCache {
- /* Passwords acquired from the kernel keyring */
- char **keyring_passswords;
+ /* The volume key from the kernel keyring */
+ void *volume_key;
+ size_t volume_key_size;
/* Decoding passwords from security tokens is expensive and typically requires user interaction,
* hence cache any we already figured out. */
@@ -20,9 +21,12 @@ static inline bool password_cache_contains(const PasswordCache *cache, const cha
if (!cache)
return false;
+ /* Used to decide whether or not to set a minimal PBKDF, under the assumption that if
+ * the cache contains a password then the password came from a hardware token of some kind
+ * and is thus naturally high-entropy. */
+
return strv_contains(cache->pkcs11_passwords, p) ||
- strv_contains(cache->fido2_passwords, p) ||
- strv_contains(cache->keyring_passswords, p);
+ strv_contains(cache->fido2_passwords, p);
}
void password_cache_load_keyring(UserRecord *h, PasswordCache *cache);
generated by cgit v1.2.3 (git 2.39.1) at 2024-10-02 23:01:36 +0000