[pass] Possible improvements

Dashamir Hoxha dashohoxha at gmail.com
Sat Jan 23 15:03:31 CET 2016


Why do you use asymmetric encryption (public/private keys).
I think that symmetric encrypion is easier, stronger, and simpler
(you don't need to generate and maintain a key, all you need is
a passphrase). It can be done with `gpg -c ...`.

Second issue: I think that it is not good that the structure of
directories, subdiretories and files is visible and unencrypted,
because it does give out some information about which sites
you are using. Is it not possible to create an archive (tar) file
of this directory and to encrypt this archive file? Then you can
decrypt it when you need to change or read something.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20160123/6f361ff8/attachment.html>

More information about the Password-Store mailing list