.tokenfile is very bad and what we can do about it #120

Open
ultrabear opened this issue Nov 27, 2023 · 0 comments

Comments

@ultrabear
Member

The .tokenfile system was originally made to offer a cheap guard against unauthorized access to the Discord token when the bot was not active, without having to set env vars manually.

Originally the design makes use of miniflip, an easy-to-implement (and probably easier to brute-force) encryption scheme I hacked together; this was to avoid adding a cryptography dependency directly to LeXdPyK.
But as Sonnet has grown, letting LeXdPyK have a dependency that Sonnet already uses is fine, and pipenv has started to mend the state of Python dependency management.

So in the future, we can and should implement an AES + [password_hash] based approach that will seamlessly upgrade people's tokenfiles to use the more secure method.
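One way the AES + password-hash tokenfile with a transparent upgrade path could look, as an added example that is not part of the original issue and not LeXdPyK's code. It assumes scrypt as the password hash, AES-256-GCM from the `cryptography` package, a constructed `TKF2` header to tell new files from old ones, and a caller-supplied `legacy_decrypt` standing in for the existing miniflip reader.

```python
import hashlib
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

MAGIC = b"TKF2"            # constructed format marker, not a LeXdPyK value
SALT_LEN, NONCE_LEN, TAG_LEN = 16, 12, 16
HDR_LEN = len(MAGIC) + SALT_LEN + NONCE_LEN

def _derive_key(password: str, salt: bytes) -> bytes:
    # scrypt makes every password guess cost ~16 MiB of memory and real CPU time.
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1,
                          maxmem=64 * 1024 * 1024, dklen=32)

def seal(token: str, password: str) -> bytes:
    """Encrypt a token; layout is MAGIC | salt | nonce | ciphertext+tag."""
    salt, nonce = os.urandom(SALT_LEN), os.urandom(NONCE_LEN)
    header = MAGIC + salt + nonce
    # The header is bound as associated data, so editing it fails authentication.
    ct = AESGCM(_derive_key(password, salt)).encrypt(nonce, token.encode(), header)
    return header + ct

def unseal(blob: bytes, password: str) -> str:
    if not blob.startswith(MAGIC) or len(blob) < HDR_LEN + TAG_LEN:
        raise ValueError("not a v2 tokenfile")
    header, ct = blob[:HDR_LEN], blob[HDR_LEN:]
    salt = header[len(MAGIC):len(MAGIC) + SALT_LEN]
    nonce = header[len(MAGIC) + SALT_LEN:]
    try:
        return AESGCM(_derive_key(password, salt)).decrypt(nonce, ct, header).decode()
    except InvalidTag:
        # GCM cannot distinguish a wrong password from a modified file.
        raise ValueError("wrong password or corrupted tokenfile") from None

def load_and_upgrade(blob: bytes, password: str, legacy_decrypt):
    """Return (token, blob_to_store); old-format input comes back re-sealed.

    legacy_decrypt(blob, password) -> str is hypothetical. The old scheme has
    no integrity check visible here, so the caller should confirm the token
    works before overwriting the file with the returned blob.
    """
    if blob.startswith(MAGIC):
        return unseal(blob, password), blob
    token = legacy_decrypt(blob, password)
    return token, seal(token, password)
```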
