[pass] Identifying Old Passwords

Paul Schwendenman schwendenman.paul at gmail.com
Wed Sep 2 09:22:39 CEST 2015


On Sun, Aug 30, 2015 at 9:28 PM, Paul Schwendenman <schwendenman.paul at gmail.com> wrote:

> Hi All:
>
> I was wondering how you identify passwords that haven't been changed in a
> while.
>
> Maybe someone has a better solution but this is what I came up with:
>
> git ls-tree -r HEAD --name-only -z | xargs -0 -n1 -I{} sh -c 'echo {}; \
>    git log -n1 --format="%at:%ar" -- {}' | paste - - -d: | sort -k 2 -t: | \
>    cut -d: -f1,3- | column -t -s:
>
> My solution is mildly naive because it doesn't look for changes to the
> first line, which is where passwords are normally stored.  But for my use I
> think it does the job.
>
> Is this a feature that people might want built in to pass? If so, I would
> be willing to try making and submitting a patch. Also I would enjoy any
> feedback you might have.
>
> Thanks for reading,
> Paul
>


Out of curiosity I tweaked the line to check git blame for the last commit
to change the first line

 git ls-tree -r HEAD --name-only -z | xargs -0n1 -I{} sh -c 'echo {}; git blame -L 1,1 -- {}' | \
 sed 's/\^//g' | paste - - -d, | cut -f1 -d" " | awk 'BEGIN{FS=",";OFS=",";} {print $2,$1}' | \
 sed 's/,/ -- /' | xargs -n3 -I{} sh -c 'echo {}; git log -n1 --format="%at:%ar" {}' | \
 paste - - -d: | cut -f 3- -d" " | sort -k 2 -t: | cut -d: -f1,3- | column -t -s:

Note: you will have to configure git to use gpg with blame
git config --local blame.gpg.binary true
git config --local blame.gpg.textconv "gpg -d --quiet --yes --compress-algo=none --no-encrypt-to"
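
The first pipeline in this thread (age of the last commit touching each file), as an added example that is not part of the original message: each file name reaches `sh` as a positional parameter instead of being substituted into the command string, so names containing spaces or shell metacharacters are treated as data. The function name `stale_entries`, the `*.gpg` filter and the threshold in days are assumptions of this example.

```sh
#!/bin/sh
# stale_entries REPO MIN_DAYS   (hypothetical helper, not part of pass)
# Prints "<age in days><TAB><path>" for every tracked *.gpg file whose most
# recent commit is at least MIN_DAYS days old, oldest first.
# Like the first pipeline above, this looks at the last commit touching the
# file, not at the last change to its first line.
# Limitation: paths containing a tab or newline break the output format.
# usage: stale_entries ~/.password-store 180
stale_entries() {
    repo=$1
    min_days=$2
    now=$(date +%s)
    git -C "$repo" ls-tree -r HEAD --name-only -z |
    xargs -0 -n1 sh -c '
        # $1 = repository, $2 = one file name, both passed as arguments
        # and never re-parsed by the shell.
        case $2 in *.gpg) ;; *) exit 0 ;; esac
        # --literal-pathspecs: do not treat "*" or ":" in names as pathspec magic
        ts=$(git --literal-pathspecs -C "$1" log -n1 --format=%at -- "$2")
        printf "%s\t%s\n" "$ts" "$2"
    ' sh "$repo" |
    sort -n |
    awk -F '\t' -v now="$now" -v min="$min_days" '
        { age = int((now - $1) / 86400) }
        age >= min { print age "\t" $2 }'
}
```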