encrypted file and directory names?
Adam Spiers
pass at adamspiers.org
Sat Feb 4 18:50:46 CET 2017
Hi all,
I was delighted to discover this project recently. It seems to be
almost exactly the perfect solution needed to avoid the unpleasant
situation of being reliant on a proprietary password manager.
There is one feature which I consider pretty essential, and as far as
I can see, it's not supported by pass yet, which is to keep the entire
metadata encrypted, including the directory names and file names.
Without this it doesn't seem to provide 100% privacy protection, since
for example it potentially exposes which websites you use. Is that
right, or am I missing something?
If I'm right, would this be an easy thing to solve architecturally?
For example, the directory names and file names could be converted
into some kind of digest (e.g. SHA-256), and then a mapping between
digests and the original names could be tracked in a separate
encrypted file at the top level of the store.
Thanks!
Adam
More information about the Password-Store
mailing list