[pass][new feature] item information
Lenz Weber
mail at lenzw.de
Sat Dec 31 20:55:14 CET 2016
You do realize that an atacker that is deep enough in your system to
exploit your cached password also could just log your keystrokes as you
type the password? (More reliably if you do so very often)
Of course using a low timeout is useful if you leave your PC unlocked a
lot, but not caching at all will not save you from most attacks.
Am 31.12.2016 um 20:20 schrieb Vahid Ma'ani:
> It keeps passphrase for 5 minutes?!!!!
> No! No! No! I never use as it!! I want enter passphrase for each request!
> I prefer not to encrypt the unimportant information instead of making my
> important data insecure even for one minute.
>
> ---------------------------------
> *وحید معانی*
> *Vahid Ma'ani*
> Vahid.Maani at gmail.com <mailto:Vahid.Maani at gmail.com> | gnutips.ir
> <http://gnutips.ir>
>
>
>
> On Dec 31, 2016 10:13 PM, "Brian Candler" <b.candler at pobox.com
> <mailto:b.candler at pobox.com>> wrote:
>
> On 31/12/2016 11:04, Vahid Ma'ani wrote:
>
> "grep" option search content of crypted files and i should type
> passphrase some times for each search.
>
>
> Not if you use gpg-agent. It keeps your passphrase for 5 minutes.
>
> gpg-agent is invaluable for certain operations on the repo. For
> example, using "pass init" to change the set of keys that the
> passwords are encrypted for - it has to decrypt and re-encrypt every
> single file. And indeed, you don't want to have to type your
> passphrase for every one :-)
>
>
>
> _______________________________________________
> Password-Store mailing list
> Password-Store at lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/password-store
>
More information about the Password-Store
mailing list