[pass] JS client for password-store

Kevin Cox kevincox at kevincox.ca
Wed Jun 18 00:52:09 CEST 2014


On 17/06/14 17:40, eirc wrote:
> Hey there,
> 
> I only recently found out about the password store project and I quickly
> migrated all my stuff there :) The thing is I was also looking for a
> solution that would allow me to have my passwords available anywhere at
> anytime. Even where installing gpg may not be an option (other people's
> PCs, internet cafes) or even where an internet connection is not be
> available. So I went on and created a simple webpage interface around
> openpgpjs that I can carry around in a USB stick along with the
> encrypted data AND the private key.
> 
> So is this a security-wise viable solution? By not serving the page from
> a server most of network security concerns are immediately irrelevant
> and it's actually like a locally installed application but one that
> needs no install and will work on pretty much all OSs with a GUI and a
> browser.
> 
> There are a lot of rough edges right now but my first concern is whether
> it can be considered a truly secure solution.
> 
> And here's the link: https://github.com/eirc/pass.js
> 

Really neat idea.  I might try this out on my phone.

As for the security aspect I am not a security expert/cryptographer in
any ways but I don't see any major security issue.  The main problem is
that you are keeping things on an insecure device that you are carrying
around with you.  If someone got their hands on that they could modify
the code to send them all your passwords next time you use it.  There is
also the risk of having your private key on the USB but if you use a
strong passphrase it shouldn't be a big deal.


As far as I see the only risk is if someone else gets a hold of it, but
as I said I'm not an expert.

Looking forward to using it,
Kevin


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 278 bytes
Desc: OpenPGP digital signature
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20140617/bbb03db8/attachment.asc>


More information about the Password-Store mailing list