[pass] Encrypt filenames in the store

Lenz Weber mail at lenzw.de
Sun Feb 14 18:43:06 CET 2016 

If you do not trust your remote, you might as well just encrypt the remote:
https://github.com/joeyh/git-remote-gcrypt/

Am 14.02.2016 um 17:54 schrieb franklin_wei:
> I don't understand what you mean by the "tree file."
>
> The main purpose behind this would be to make it safer to push your
> passwords to an untrusted remote.
>
> Sent from ProtonMail <https://protonmail.ch>, encrypted email based in
> Switzerland.
>
>
>> -------- Original Message --------
>> Subject: Re: [pass] Encrypt filenames in the store
>> Local Time: February 13, 2016 8:37 pm
>> UTC Time: February 14, 2016 1:37 AM
>> From: the_jinx at etv.cx
>> To: franklin_wei at protonmail.com,password-store at lists.zx2c4.com
>>
>> The tree file would still have to be readable for all the recipients
>> of all the "folders" and how would you store the (currently
>> per-folder) .gpg-id files?
>>
>> This sounds very incompatible with some of the pass ideas by nature.
>>
>> On 14 February 2016 02:33:56 CET, franklin_wei
>> <franklin_wei at protonmail.com> wrote:
>>
>>     Hello,
>>
>>     I'd like to propose a method for implementing this idea without
>>     destroying the whole idea behind pass. It goes as follows:
>>
>>     1) Every new password entry is stored in a sequential filename.
>>     (0.gpg, 1.gpg, etc.)
>>     2) There is a single global, encrypted, "key" entry that contains
>>     a list of mappings from entry names to filenames.
>>
>>     This would make it difficult for an attacker to glean any
>>     meaningful information from password names, while still making it
>>     reasonably easy to manage passwords.
>>
>>     Thank you
>>
>>     Sent from ProtonMail <https://protonmail.ch>, encrypted email
>>     based in Switzerland.
>>
>>
>>     ------------------------------------------------------------------------
>>     Password-Store mailing list
>>     Password-Store at lists.zx2c4.com
>>     http://lists.zx2c4.com/mailman/listinfo/password-store 
>>
>> -- 
>> Sent from my Android device with K-9 Mail. Please excuse my brevity. 
>
> _______________________________________________
> Password-Store mailing list
> Password-Store at lists.zx2c4.com
> http://lists.zx2c4.com/mailman/listinfo/password-store
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20160214/23a4f8de/attachment.html>

More information about the Password-Store mailing list