[pass] Password age report

Daniel Dörrhöfer ddo at openmailbox.org
Wed Aug 31 21:09:25 CEST 2016


On 31.08.2016 19:02, Kjetil Torgrim Homme wrote:
> Den 31. aug. 2016 17:48, Brian Candler skreiv:
>> On 31/08/2016 16:43, Emile Cantin wrote:
>>> In light of the recent Dropbox leak, I wanted to know how old my
>>> password was, and perhaps if I had any other old passwords that would
>>> be due for a rotation. I don't think I can rely on the last
>>> modification date on the files, as a fresh clone of my repo would have
>>> today's date, even if the file was last modified in my repo in 2012. I
>>> looked into how to do this with Git, but it's pretty
>>> ungainly: http://serverfault.com/questions/401437/how-to-retrieve-the-last-modification-date-of-all-files-in-a-git-repository
>>>
>>> Keepass has an "expiration date" field which you can set when
>>> generating a password, and it appears in a different color in the list
>>> when expired.
>>>
>>> I think password age is a relevant metric for a password manager, but
>>> pass doesn't currently offer any visibility into this.
>>>
>>> What do you think?
>> This is (another) reason why it would be good if pass were to sign its
>> GPG files. The signature includes a timestamp.
> re-encrypting the files to a new set of keys will make a new signature.
> you need to make the date part of the password file itself, or have pass
> maintain some metadata in a separate file, e.g., "work/supplier.gpg"
> could have a companion file "work/.meta.supplier.gpg", containing:
>
>   created: 2015-03-02T14:25:02+0200
>   updated: 2016-08-31T18:55:32+0200
>   expire: never
>
> the above syntax is valid YAML which can be useful if more complex
> structures are wanted later.
>
> it might be useful to allow encryption of the metadata to be optional.
>

I like the git way of checking it. This is how to get a complete history
of dropbox.com.

pass git log --pretty="%s %Cgreen %cr %Creset" | grep dropbox.com

Of course, a signature is additional security.
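
The Git-based check discussed in this thread, extended from one entry to the whole store, as an added example that is not part of any poster's message or of pass itself. The function name `pass_age_report`, its tab-separated output and the optional fixed "now" argument are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): list pass entries whose newest Git
# commit is at least MIN_DAYS old, oldest first. File mtimes are ignored
# because a fresh clone resets them; the commit history does not change.
#
# Usage: pass_age_report STORE_DIR MIN_DAYS [NOW_EPOCH]
#   e.g. pass_age_report "${PASSWORD_STORE_DIR:-$HOME/.password-store}" 365
# Output: age_in_days <TAB> date_of_last_commit <TAB> entry_name
# Limitation: entry names containing newlines or quote characters are not handled.
pass_age_report() (
    store=$1
    min_days=$2
    now=${3:-$(date +%s)}    # overridable so results are reproducible

    # Only tracked *.gpg files are entries; .gpg-id and similar are skipped.
    git -c core.quotePath=false -C "$store" ls-files -- '*.gpg' |
    while IFS= read -r f; do
        # Committer timestamp (epoch) and short date of the newest commit
        # that touched this file.
        info=$(git -C "$store" log -1 --format='%ct %cd' --date=short -- "$f")
        [ -n "$info" ] || continue
        ts=${info%% *}
        day=${info#* }
        age=$(( (now - ts) / 86400 ))
        if [ "$age" -ge "$min_days" ]; then
            printf '%s\t%s\t%s\n' "$age" "$day" "${f%.gpg}"
        fi
    done | sort -rn
)
```

A commit that rewrites a file without changing the secret, such as a re-encryption to a new set of keys, also resets the age reported here.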
