[pass] Adding support for symmetric encryption

Lenz Weber mail at lenzw.de
Tue Jan 26 13:23:58 CET 2016


Adding something new may be fine, although I have no say in what is
going to be accepted and the maintainer is not often seen around here.
But I can tell you with high certainty that a change like this, which
breaks pass in the way it worked before (and a lot of tools are relying
on that behaviour) will not get accepted.

On the topic of why you are introducing all this, I'm not convinced it
would be a good idea.  Your reasons are that it is "easier, stronger and
simpler".
Easier and simpler may apply, but the selling point of pass is that it
is a console password manager with a gpg backend. People looking for
pass want to use gpg - and symmetric encryption is, at best, an edge case
of gpg usage.

Stronger: I do not agree with you. The only way to make it stronger
would be a passphrase that is longer than your asymmetric private key. I
don't believe anyone uses a passphrase that is >4096 bits long. The
weakest part is always the passphrase.
But in the asymmetric scenario, an attacker would need the passphrase
AND the key file. In the symmetric scenario, he just needs your passphrase.

Regards,
Lenz

On 26.01.2016 08:18, Dashamir Hoxha wrote:
> Hi,
>
> This works, as a proof of concept:
> https://github.com/dashohoxha/password-store/commit/e8f6ab50150a156f8736467bcce7a164d4253886
>
> If the variable $PASSWORD_STORE_GPG_ENCRYPTION
> is set to 'asymmetric', it will work as usual.
> Otherwise it will use the symmetric encryption.
>
> However I am not satisfied with this. Having to set the variable
> PASSWORD_STORE_GPG_ENCRYPTION is a bit awkward.
> There must be a better way. For example, we can check for the
> presence of the file '.gpg-id'. If it is there, assume asymmetric
> encryption, otherwise, assume symmetric encryption.
>
> What do you think?
>
> Dashamir