[pass] Simple password store

Timmo Verlaan tverlaan at gmail.com
Mon Feb 1 13:52:01 CET 2016


In all honesty and with respect to this project and it's contributors. This
mailinglist doesn't seem the right place to develop *another* password
manager. I do see reasons to announce/mention/compare other projects since
that would be relevant to some extent. But as I see it that's fulfilled now
and if people are still interested in this project you are free to create a
communication channel for this project for which there are a lot of
alternatives (since you're on github I can recommend the github issue
tracker and PR system). Please do announce this so people can follow if
they want to.

I'm not maintaining this mailing list and I am in no position to tell
anyone what to post or what not. I am just a user who cares about the
discussion on this list and this doesn't seem like the right place to me. I
hope I'm not offending anyone as that is not my intention at all. Also, if
the majority(?) disagrees please disregard my comment and continue.

Best regards and good luck!

-- 
Timmo


On Mon, Feb 1, 2016 at 11:34 AM Dashamir Hoxha <dashohoxha at gmail.com> wrote:

> On Fri, Jan 29, 2016 at 5:11 PM, Kevin Lyda <kevin at ie.suberic.net> wrote:
>
>> On Fri, Jan 29, 2016 at 3:16 PM Dashamir Hoxha <dashohoxha at gmail.com>
>> wrote:
>>
>>> On Fri, Jan 29, 2016 at 11:16 AM, Kevin Lyda <kevin at ie.suberic.net>
>>> wrote:
>>>
>>>> I have no idea why you want to do this since your shell already has
>>>> completion. Not sure of the win here.
>>>>
>>> I want to ask user for the passphrase only once, save it in a variable,
>>>
>>
>> I'll admit it, I lied. I guessed you were going to do something like that.
>>
>> Just so I can sleep at night with a clean conscience, you're aware that
>> is a horribly bad idea to do, yes? There's a good chance your password
>> could end up in a swap file or in a core file. A root user can just do "ps
>> auxwwe". And I assume you're passing that password in via the command line
>> so a well timed ps by *any* user will get your password.
>>
>
> Now I am passing the passphrase from stdin, using the option
> `--passphrase-fd 0` of gpg:
>
> https://github.com/dashohoxha/pw/commit/2a567e11bf56943446d28be83b7777b3e71b99f7#diff-1a5b08bb94541dc292409e7e18b9c3eaL22
>
> After trying lots of other things, I was lucky to find this:
>
> http://stackoverflow.com/questions/19895122/how-to-use-gnupgs-passphrase-fd-argument
>
> I think that at least "ps auxwwe" is not an issue now. Is it?
>
> _______________________________________________
> Password-Store mailing list
> Password-Store at lists.zx2c4.com
> http://lists.zx2c4.com/mailman/listinfo/password-store
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20160201/c094de45/attachment.html>


More information about the Password-Store mailing list