<div dir="auto">I'm confident about myself and my own system, but forcing team members to observe all safety cases is very difficult. <br><br><div data-smartmail="gmail_signature">---------------------------------<br>*وحید معانی*<br>*Vahid Ma'ani*<br><a href="mailto:Vahid.Maani@gmail.com">Vahid.Maani@gmail.com</a> | <a href="http://gnutips.ir">gnutips.ir</a><br><br> </div></div><div class="gmail_extra"><br><div class="gmail_quote">On Dec 31, 2016 11:33 PM, "Lenz Weber" <<a href="mailto:mail@lenzw.de">mail@lenzw.de</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">You do realize that an atacker that is deep enough in your system to<br>
exploit your cached password also could just log your keystrokes as you<br>
type the password? (More reliably if you do so very often)<br>
<br>
Of course using a low timeout is useful if you leave your PC unlocked a<br>
lot, but not caching at all will not save you from most attacks.<br>
<br>
Am 31.12.2016 um 20:20 schrieb Vahid Ma'ani:<br>
> It keeps passphrase for 5 minutes?!!!!<br>
> No! No! No! I never use as it!! I want enter passphrase for each request!<br>
> I prefer not to encrypt the unimportant information instead of making my<br>
> important data insecure even for one minute.<br>
><br>
> ------------------------------<wbr>---<br>
> *وحید معانی*<br>
> *Vahid Ma'ani*<br>
> <a href="mailto:Vahid.Maani@gmail.com">Vahid.Maani@gmail.com</a> <mailto:<a href="mailto:Vahid.Maani@gmail.com">Vahid.Maani@gmail.com</a>> | <a href="http://gnutips.ir" rel="noreferrer" target="_blank">gnutips.ir</a><br>
> <<a href="http://gnutips.ir" rel="noreferrer" target="_blank">http://gnutips.ir</a>><br>
><br>
><br>
><br>
> On Dec 31, 2016 10:13 PM, "Brian Candler" <<a href="mailto:b.candler@pobox.com">b.candler@pobox.com</a><br>
> <mailto:<a href="mailto:b.candler@pobox.com">b.candler@pobox.com</a>>> wrote:<br>
><br>
> On 31/12/2016 11:04, Vahid Ma'ani wrote:<br>
><br>
> "grep" option search content of crypted files and i should type<br>
> passphrase some times for each search.<br>
><br>
><br>
> Not if you use gpg-agent. It keeps your passphrase for 5 minutes.<br>
><br>
> gpg-agent is invaluable for certain operations on the repo. For<br>
> example, using "pass init" to change the set of keys that the<br>
> passwords are encrypted for - it has to decrypt and re-encrypt every<br>
> single file. And indeed, you don't want to have to type your<br>
> passphrase for every one :-)<br>
><br>
><br>
><br>
> ______________________________<wbr>_________________<br>
> Password-Store mailing list<br>
> <a href="mailto:Password-Store@lists.zx2c4.com">Password-Store@lists.zx2c4.com</a><br>
> <a href="https://lists.zx2c4.com/mailman/listinfo/password-store" rel="noreferrer" target="_blank">https://lists.zx2c4.com/<wbr>mailman/listinfo/password-<wbr>store</a><br>
><br>
</blockquote></div></div>