[pass] [PATCH] show age of password

Tijn Schuurmans tijn.schuurmans at gmail.com
Thu Jul 30 20:32:13 CEST 2015


On 26-07-15 19:15, Kevin Cox wrote:
> On 26/07/15 09:38, Steffen Vogel wrote:
>>> I’d suggest to add the password’s age
>>> when it is copied to the clipboard.
>>>
>>>     $ pass show -c Password
>>>     Copied Password (last change 2015-07-27) to clipboard. Will clear
>>>     in 45 seconds.
>>>
>>> I don’t know anything about the code and side effects. What do you think?
>> I don’t think this is a nice idea:
>>
>> To get the modification date of the first line (e.g. the password), we must usually decrypt more than 1 revision.
>> I’m using a hardware token (Yubikey) to decrypt the GPG files. This takes considerably longer.
> You would also consider things such as renames. I think that this isn't
> a great feature because it is easy to misunderstand it. If you actually
> want the time the password itself was created you would need more
> metadata, for example `pass generate` could add a "Generated At"
> property. But I think that assuming that the last time a file was
> updated is equal to the last time a password was changed is a poor idea.
>
> If the wording was chosen to be more explicit I don't think this would
> be dangerous but I still doubt its usefulness.
Yes, it does assume you don't change the file name. Maybe we can extend 
it somehow to follow file name changes that git knows about... that might 
be a good idea!

However, I think it's perfectly reasonable to work with the current 
assumptions. It is clear that pass cannot know anything about the 
history of a password before you imported it from another password 
manager (for example). I am using it to rotate my passwords every now 
and then and for that it suffices.

By the way: my patch is actually looking at the first line of the file, 
not at the timestamps of the files.

Keeping a time stamp together with a password is probably not such a 
good idea because sooner or later the two *will* get out of sync.

Which wording can I improve? Do you mean the term "age" or are you 
referring to Steffen's "last change" or maybe my cmd_usage text?

Regards,
Tijn
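
The first-line comparison discussed in this thread, as an added example that is not part of the original message, the patch, or pass itself: it walks an entry's revisions newest first and reports when the current first line appeared and how many decryptions that took. The history and the helpers `list_revs` and `decrypt_first_line` are constructed stand-ins (assumptions) for what `git log` and `gpg -d` would supply in a real store.

```shell
#!/bin/sh
# Constructed history of one entry, newest first: "<rev> <commit date> <first line>".
# r5 and r4 only edited metadata lines below the password; r3 set the current password.
HISTORY='r5 2015-07-27 hunter3
r4 2015-07-20 hunter3
r3 2015-06-02 hunter3
r2 2015-03-11 hunter2
r1 2014-12-01 hunter2'

# Hypothetical stand-in for listing the revisions that touched the entry.
list_revs() { printf '%s\n' "$HISTORY" | cut -d' ' -f1,2; }

# Hypothetical stand-in for decrypting one revision and keeping its first line.
# With a hardware token, every call here is one slow decryption.
decrypt_first_line() { printf '%s\n' "$HISTORY" | awk -v r="$1" '$1 == r { print $3 }'; }

# Date of the newest commit: what a file-timestamp approach would report.
file_last_touched() { list_revs | head -n 1 | cut -d' ' -f2; }

# Prints "<date the current first line appeared> <decryptions needed>".
# Walks back until the first line differs; that older revision must still be
# decrypted to prove the change, so the count is one more than the unchanged run.
password_age() {
    current='' changed='' n=0
    while read -r rev date; do
        line=$(decrypt_first_line "$rev")
        n=$((n + 1))
        if [ "$n" -eq 1 ]; then
            current=$line
        elif [ "$line" != "$current" ]; then
            break
        fi
        changed=$date
    done <<EOF
$(list_revs)
EOF
    printf '%s %s\n' "$changed" "$n"
}

echo "file last touched:        $(file_last_touched)"
echo "password changed, cost:   $(password_age)"
```

On this history the file date and the password date differ by almost two months, and finding the latter takes four decryptions.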


