Small and lightweight cloud storage written in C99 and POSIX.1-2008. https://gitea.privatedns.org/xavi/slcl/atom?h=libweb-configure 2025-10-09T14:37:39+00:00 2025-10-09T14:37:39+00:00 Xavier Del Campo Romero xavi92@disroot.org 2025-10-09T14:37:39+00:00 urn:sha1:261455ce29ecf158630a1e99cbad5812b4e40638 2025-10-08T20:55:44+00:00 Xavier Del Campo Romero xavi92@disroot.org 2025-10-08T11:50:52+00:00 urn:sha1:10e42591ac72285736d5cc4ee5e7c2f68dbf1e4b The SHA256-based password hashing algorithm used by slcl(1) and usergen(1) is considered insecure against several kinds of attacks, including brute force attacks. [1] Therefore, a stronger password hashing algorithm based on the Argon2id key derivation function is now used by default. While OpenSSL does support Argon2id, it is only supported by very recent versions [2], which are still not packaged by most distributions as of the time of this writing. [3] As an alternative to OpenSSL, libsodium [4] had several benefits: - It provides easy-to-use functions for password hashing, base64 encoding/decoding and other cryptographic primitives used by slcl(1) and usergen(1). - It is packaged by most distributions [5], and most often only the patch version differs, which ensures good compatibility across distributions. Unfortunately, and as opposed to OpenSSL, libsodium does not come with command-line tools. Therefore, usergen(1) had to be rewritten in C. In order to maintain backwards compatiblity with existing databases, slcl(1) and usergen(1) shall support the insecure, SHA256-based password hashing algorithm. However, Argon2id shall now be the default choice for usergen(1). [1]: https://security.stackexchange.com/questions/195563/why-is-sha-256-not-good-for-passwords [2]: https://docs.openssl.org/3.3/man7/EVP_KDF-ARGON2/ [3]: https://repology.org/project/openssl/versions [4]: https://www.libsodium.org/ [5]: https://repology.org/project/libsodium/versions 2023-09-27T20:13:52+00:00 Xavier Del Campo Romero xavi.dcr@tutanota.com 2023-09-26T23:45:00+00:00 urn:sha1:2d2f9e44921c8ef1ee7bbff5f66a1c071057aeb2 LICENSE is not copied to the installation prefix, so adding a short copyright notice instead might be a better reference. 2023-09-27T20:13:52+00:00 Xavier Del Campo Romero xavi.dcr@tutanota.com 2023-09-08T23:00:13+00:00 urn:sha1:a9d6cdf2e9646c3d6880ab671173ea9902e84d8d 2023-09-27T20:08:23+00:00 Xavier Del Campo Romero xavi.dcr@tutanota.com 2023-08-12T00:20:32+00:00 urn:sha1:f7293744cea7b2e3b5980676d86d4a33bfdeb5b8 2023-09-26T23:48:18+00:00 Xavier Del Campo Romero xavi.dcr@tutanota.com 2023-09-26T23:46:08+00:00 urn:sha1:653924ba87a1367194bc25554ba3fae780fd6a2f This feature was already implemented by: commit 0822a982ef3b085dc109ec373ff537974503eb04 Author: Xavier Del Campo Romero <xavi.dcr@tutanota.com> Date: Sat Jul 8 00:54:59 2023 +0200 Implement file/directory removal 2023-08-08T11:05:33+00:00 Xavier Del Campo Romero xavi.dcr@tutanota.com 2023-08-08T11:02:11+00:00 urn:sha1:474de49bad14f4af8ecd52a64816b10cc7959480 2023-08-01T00:25:30+00:00 Xavier Del Campo Romero xavi.dcr@tutanota.com 2023-08-01T00:13:52+00:00 urn:sha1:75f1f223d45d00629ed0866bf8bed726b60d8215 Despite designed around portability and minimalism, I feel slcl no longer aligns with the philosophical views from the suckless project. Therefore, I think it was appropriate to unlink its branding from it. 2023-03-16T00:57:04+00:00 Xavier Del Campo Romero xavi.dcr@tutanota.com 2023-03-16T00:55:43+00:00 urn:sha1:aefd6c6fdaff9dd43369a93d7c91246accf34164 2023-03-16T00:18:04+00:00 Xavier Del Campo Romero xavi.dcr@tutanota.com 2023-03-16T00:18:04+00:00 urn:sha1:955ae07f5550559d0570210273fe975624e99f1f - User quota was implemented by commit ff8da797a. - Public file sharing was implemented by commit 2e1b1313.