[pass] JS client for password-store

Matthew Cengia mattcen at gmail.com
Wed Jun 18 00:57:54 CEST 2014

On 2014-06-17 18:52, Kevin Cox wrote:
> As for the security aspect I am not a security expert/cryptographer in
> any ways but I don't see any major security issue.  The main problem is
> that you are keeping things on an insecure device that you are carrying
> around with you. ...

And potentially plugging into untrusted (shared) computers, on which
you're going to decrypt your passwords. I wouldn't be doing anything
like this; you're basically inviting somebody who's installed malware on
that internet cafe PC to have a look at the password you just decrypted.
The least bad solution in this scenario is to use Tails
(https://tails.boum.org/). It will have gpg, and won't be hard to
install 'pass' on I suspect.

Matthew Cengia
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 966 bytes
Desc: Digital signature
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20140618/79d6f978/attachment.asc>

More information about the Password-Store mailing list