[pass] Simple password store

Dashamir Hoxha dashohoxha at gmail.com
Fri Jan 29 17:44:46 CET 2016


On Fri, Jan 29, 2016 at 5:11 PM, Kevin Lyda <kevin at ie.suberic.net> wrote:

> On Fri, Jan 29, 2016 at 3:16 PM Dashamir Hoxha <dashohoxha at gmail.com>
> wrote:
>
>> On Fri, Jan 29, 2016 at 11:16 AM, Kevin Lyda <kevin at ie.suberic.net>
>> wrote:
>>
>>> I have no idea why you want to do this since your shell already has
>>> completion. Not sure of the win here.
>>>
>> I want to ask the user for the passphrase only once, save it in a variable,
>>
>
> I'll admit it, I lied. I guessed you were going to do something like that.
>
> Just so I can sleep at night with a clean conscience, you're aware that is
> a horribly bad idea to do, yes? There's a good chance your password could
> end up in a swap file or in a core file. A root user can just do "ps
> auxwwe". And I assume you're passing that password in via the command line
> so a well timed ps by *any* user will get your password.
>

No, I am not a security expert, so I am not aware of it. But it doesn't
seem so terrible to me. I think that the chances of getting it by
`ps auxwwe` are very low, especially if you are the only user of the
system.

But in the end the users can choose for themselves what is the right
tradeoff between security and convenience.


>
> And generally all these issues are why symmetric encryption is a terrible
> idea for this.
>

But maybe the core dump or swap file issue applies to gpg-agent as well...


>
> I get that you really want to do it. Just... it's a bad idea.
>

It is almost finished now, so I am not sure whether I should abandon it or
not.

Thanks for your help and feedback anyway.

Dashamir
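
The exposure paths discussed in this thread, as an added example that is not part of the original messages: it hands a constructed secret to a child process by argument, by environment variable and by stdin, then checks what the child's /proc entries (the data `ps` reads) reveal. The names `exposure`, `flat`, `worker`, `PW` and `DEMO_SECRET` are hypothetical, and a Linux /proc is assumed.

```shell
#!/bin/sh
# Added demo; Linux /proc required. DEMO_SECRET is a constructed value.
DEMO_SECRET='demo-passphrase-123'

# Flatten a NUL-separated /proc file; prints nothing if it is unreadable.
flat() { tr '\0' ' ' 2>/dev/null <"$1"; }

# exposure MODE: hand the secret to a short-lived child by argv, env or stdin
# and report which views of that child contain it.
exposure() {
    # Child reads one line from stdin, then idles; the trailing ':' keeps the
    # shell from exec'ing sleep, so the child's argv stays inspectable.
    child='read -r pw; sleep 1; :'
    case $1 in
        argv)  sh -c "$child" worker "$DEMO_SECRET" </dev/null & ;;
        env)   PW="$DEMO_SECRET" sh -c "$child" worker </dev/null & ;;
        stdin) printf '%s\n' "$DEMO_SECRET" | sh -c "$child" worker & ;;
        *)     return 2 ;;
    esac
    pid=$!
    # Wait (up to 5 s) until the child has exec'd and shows its own argv.
    i=0
    while [ "$i" -lt 50 ]; do
        case $(flat "/proc/$pid/cmdline") in *' worker'*) break ;; esac
        sleep 0.1; i=$((i + 1))
    done
    in_argv=no; in_env=no
    # Matching with 'case' keeps the secret out of our own argv (no grep).
    case $(flat "/proc/$pid/cmdline") in *"$DEMO_SECRET"*) in_argv=yes ;; esac
    case $(flat "/proc/$pid/environ") in *"$DEMO_SECRET"*) in_env=yes ;; esac
    wait "$pid"
    echo "argv=$in_argv environ=$in_env"
}

for mode in argv env stdin; do
    printf '%-5s %s\n' "$mode" "$(exposure "$mode")"
done
```

None of the three modes changes the swap or core-file exposure raised above; the secret still sits in process memory while the child runs.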