[pass] GPG Compression and Authenticity
Jason A. Donenfeld
Jason at zx2c4.com
Thu Mar 20 08:12:14 CET 2014
On Wed, Mar 19, 2014 at 8:06 AM, Alfredo Pironti
<alfredo.pironti at inria.fr> wrote:
> Using git-level signature ensures integrity of the data on the remote
> repository, but not of the local data. Hence, you get protection from
> attackers controlling a git repository, but not from attackers being able to
> write into your home directory. If you want to protect also from local
> attackers, then pass-level signature seems to be required.
Actually, pass already protects from an attacker modifying my
password store directory: line 7 of password-store.sh is "umask 077".
If an attacker can bypass this, he likely already has root access and
could just as easily snatch my passphrases from memory or other
things. Or, if an attacker has an arbitrary file-swap primitive, he
likely could use that for privilege escalation anyway, and then read
passphrases from memory. Alternatively, if an attacker has access to
my filesystem, he could even modify my web browser or gpg binary. Or a
variety of other attacks. Thus, I'm not sure that your attack model
really makes sense. Please correct me if I'm wrong.
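
Added example, not part of the original message or of pass itself: a shell check of what `umask 077` gives newly created store files, plus an audit for any path that still carries group/other permission bits, since a umask applies only at creation time and does not change files that already exist. The function names and the store path passed in are assumptions.

```shell
#!/bin/sh
# Added illustration; make_entry and audit_store are hypothetical helpers.

# Create a directory and an empty entry the way a script running
# under "umask 077" would: new dirs get 0700, new files get 0600.
make_entry() {
    store=$1
    name=$2
    (
        umask 077
        mkdir -p "$store" && : > "$store/$name"
    )
}

# Print every file or directory under the store that grants any
# permission bit to group or other. Symlinks are skipped because
# their own mode bits are not meaningful on most systems.
# Uses only POSIX find primaries, one test per permission bit.
audit_store() {
    find "$1" ! -type l \( \
        -perm -040 -o -perm -020 -o -perm -010 -o \
        -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Example use (path is an assumption):
#   audit_store "$HOME/.password-store"
# Empty output means no group/other access anywhere in the tree.
```

A file copied or restored into the store by another tool keeps whatever mode that tool gave it, which is the case the audit is meant to catch.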