[tor-bugs] #29677 [Internal Services/Tor Sysadmin Team]: evaluate password management options

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue May 5 19:25:46 UTC 2020 

#29677: evaluate password management options
-------------------------------------------------+-------------------------
 Reporter:  anarcat                              |          Owner:  tpa
     Type:  task                                 |         Status:
                                                 |  assigned
 Priority:  Low                                  |      Milestone:
Component:  Internal Services/Tor Sysadmin Team  |        Version:
 Severity:  Major                                |     Resolution:
 Keywords:                                       |  Actual Points:
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by gk):

 * cc: gk (added)


Comment:

 Replying to [comment:8 anarcat]:
 > >  Currently, these are only shared in person (via military-grade post-
 quantum encrypted point-to-point subspace transmission).
 >
 > Could you clarify how subspace transmissions work? I'm actually curious
 in having a solid inventory of the different mechanisms.
 >
 > >  While this "works", I'd really appreciate having an easier and more
 fault-tolerant way of securely sharing this information (given the
 importance of keeping this information private). I don't know if such a
 system exists as a solution that Tor can deploy, but that's another wish-
 list item of mine :)
 >
 > What do you mean by "fault-tolerant" here? And I'll note that there are
 *many* password managers out there, and surely there is one that would
 fulfill your dreams.
 >
 > One question, for me, is also whether we should have "one big password
 manager" for everyone or multiple databases. And even with multiple
 databases, we should decide whether we use the same software everywhere so
 that user on team A doesn't get a bad surprise when they try to work with
 team B.

 I am not even sure sysrqb has the same problem as described in this
 ticket: it seems comment:7 is talking about the issue of *sharing* the
 password securely while this ticket is about *storing* the password
 securely. Those are different issues. Even if you store Tor Browser
 related passphrases in whatever super secure environment you have you
 still have the sharing problem unsolved-

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29677#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list