[pass] Adding support for symmetric encryption

Allan Odgaard lists+pass at simplit.com
Tue Jan 26 17:52:25 CET 2016


On 26 Jan 2016, at 23:03, Matthieu Weber wrote:

> On Tue 26.01.2016 at 10:14:46PM +0700, Allan Odgaard wrote:
>> Furthermore, even with a 12 byte passphrase, it is user generated,
>> so it is unlikely to be truly random, which decreases the search
>> space (often significantly).
>
> http://world.std.com/~reinhold/diceware.html solves that problem.

This is basically suggesting 25-30 throws of the dice for a truly random 
password resulting in 65-77 bit keys: log2((6^5)^5)

The “dicelist” is there to make it possible for people to remember a 
65-77 bit random number, but good luck convincing people to use this 
scheme and also to have them generate a new passphrase for each new 
application.

>> So in practice, I think asymmetric encryption is the better/stronger
>> choice.
>
> You only displace the problem, by having to protect your private key
> with a passphrase.

Which is still better since an attacker will need to steal your key 
before they can brute-force your passphrase, and if you are worried 
about this, you can move the key to a physical token, so now this 
physical token needs to be stolen for someone to decrypt your files, and 
this physical token can have its own security requiring specialized 
tools in order to break it.

