[pass] Encrypt filenames in the store

franklin_wei franklin_wei at protonmail.com
Sun Feb 14 23:39:54 CET 2016


I see what you mean now.

Would it be possible to store a per-directory 'key' entry, and just leave directory names in the clear so you can still organize your passwords into a hierarchy without leaking too much information?

It seems to me that category names might not be too sensitive ("email", "business"), but password names can be ("someone at example.com").

As for git-remote-gcrypt, I don't think it covers all the bases such as when a disk falls into the wrong hands.

Sent from [ProtonMail](https://protonmail.ch), encrypted email based in Switzerland.



-------- Original Message --------
Subject: Re: [pass] Encrypt filenames in the store
Local Time: February 14, 2016 12:42 pm
UTC Time: February 14, 2016 5:42 PM
From: mail at lenzw.de
To: password-store at lists.zx2c4.com



If you do not trust your remote, you might as well just encrypt the remote:
https://github.com/joeyh/git-remote-gcrypt/

On 14.02.2016 at 17:54, franklin_wei wrote:

I don't understand what you mean by the "tree file."

The main purpose behind this would be to make it safer to push your passwords to an untrusted remote.




-------- Original Message --------
Subject: Re: [pass] Encrypt filenames in the store
Local Time: February 13, 2016 8:37 pm
UTC Time: February 14, 2016 1:37 AM
From: the_jinx at etv.cx
To: franklin_wei at protonmail.com, password-store at lists.zx2c4.com

The tree file would still have to be readable for all the recipients of all the "folders" and how would you store the (currently per-folder) .gpg-id files?

This sounds very incompatible with some of the pass ideas by nature.


On 14 February 2016 02:33:56 CET, franklin_wei [<franklin_wei at protonmail.com>](mailto:franklin_wei at protonmail.com) wrote:

Hello,

I'd like to propose a method for implementing this idea without destroying the whole idea behind pass. It goes as follows:

1) Every new password entry is stored in a sequential filename. (0.gpg, 1.gpg, etc.)
2) There is a single global, encrypted, "key" entry that contains a list of mappings from entry names to filenames.

This would make it difficult for an attacker to glean any meaningful information from password names, while still making it reasonably easy to manage passwords.

Thank you





------

Password-Store mailing list
Password-Store at lists.zx2c4.com
http://lists.zx2c4.com/mailman/listinfo/password-store

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.

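The scheme discussed in this thread (sequential filenames, an encrypted name-to-file map, refined to one map per directory so directory names stay in the clear and each map can be encrypted to that directory's own recipients) as an added, self-contained model. This is example code written for this archive page, not code from the thread, from pass, or from git-remote-gcrypt. The class name HiddenStore, the index filename .index.gpg, the per-directory key table standing in for .gpg-id lookup, and the SHA-256/HMAC seal/unseal pair standing in for gpg are all assumptions made so the model runs offline; the sample entries and keys are constructed.

```python
import hashlib
import hmac
import json
import os
import posixpath

INDEX = ".index.gpg"  # assumed name for the per-directory name -> number map


def _subkey(key: bytes, label: bytes) -> bytes:
    """Separate keys for the keystream and the MAC (stand-in for gpg)."""
    return hashlib.sha256(label + key).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """SHA-256 in counter mode; a gpg stand-in, not a recommended cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; returns nonce || tag || ciphertext."""
    nonce = os.urandom(16)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + tag + ct


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    expect = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("wrong key or tampered blob")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


class HiddenStore:
    """In-memory model of a store whose directory names are in the clear while
    entry names live only inside one encrypted index per directory."""

    def __init__(self, dir_keys: dict):
        # dir_keys maps a directory ("" is the root) to the key its files are
        # sealed with, playing the role of that directory's .gpg-id; nested
        # directories inherit the nearest ancestor's key, as pass does.
        if "" not in dir_keys:
            raise ValueError("a root key is required")
        self.dir_keys = dir_keys
        self.files = {}  # the on-disk view: relative path -> ciphertext

    def key_for(self, directory: str) -> bytes:
        while directory not in self.dir_keys:
            directory = posixpath.dirname(directory)  # climbs to "" at the root
        return self.dir_keys[directory]

    def _index(self, directory: str, key: bytes) -> dict:
        blob = self.files.get(posixpath.join(directory, INDEX))
        return json.loads(unseal(key, blob)) if blob else {}

    def insert(self, name: str, secret: bytes) -> str:
        """Store `secret` under `name`; returns the opaque on-disk path."""
        directory, leaf = posixpath.split(name)
        key = self.key_for(directory)
        index = self._index(directory, key)
        # overwrite keeps its slot; a new entry takes the next unused number
        number = index.get(leaf, max(index.values(), default=-1) + 1)
        index[leaf] = number
        path = posixpath.join(directory, f"{number}.gpg")
        self.files[path] = seal(key, secret)
        self.files[posixpath.join(directory, INDEX)] = seal(key, json.dumps(index).encode())
        return path

    def show(self, name: str, key: bytes) -> bytes:
        directory, leaf = posixpath.split(name)
        index = self._index(directory, key)  # ValueError under the wrong key
        return unseal(key, self.files[posixpath.join(directory, f"{index[leaf]}.gpg")])

    def listing(self) -> list:
        """Everything an untrusted remote or a stolen disk gets to see."""
        return sorted(self.files)


# constructed sample keys and entries
ROOT_KEY, BUSINESS_KEY = b"root-key-example", b"business-key-example"


def demo() -> HiddenStore:
    store = HiddenStore({"": ROOT_KEY, "business": BUSINESS_KEY})
    store.insert("email/someone@example.com", b"hunter2")
    store.insert("email/other@example.com", b"correct horse")
    store.insert("business/acme/admin", b"s3cret")
    return store


if __name__ == "__main__":
    print("\n".join(demo().listing()))
```

The listing shows what the refinement buys and what it does not: the remote learns that a directory called email holds two entries and business/acme holds one, but no address or account name, and the business index is readable only with the business key, which answers the objection that a single global map would have to be readable by every recipient of every folder. Entry counts, directory names, blob sizes and the history of changes remain visible.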