Password Mapping

Tobias Girstmair junkgir-passwd at yahoo.de
Sun Feb 12 22:04:17 CET 2017


There has been some discussion this month about using tomb[1] in combination with pass; this might be what you are looking for. 


About the "security through obscurity": I think this is a valid concern; the homepage[2] does address this partially with storing user names in `.meta` files (which extensions might not support). I for example don't want e.g my employer to know that I have a Grindr account. 




[1] https://lists.zx2c4.com/pipermail/password-store/2017-February/002716.html
[2] https://www.passwordstore.org/#organization


Brian Candler <b.candler at pobox.com> schrieb am 21:49 Sonntag, 12.Februar 2017:
On 12/02/2017 20:40, Johannes Marbach wrote:
>
> I think this potentially increases the surface for an attacker. Even 
> though the files are still securely encrypted, I wouldn't even want 
> someone to know that I have e.g. a Visa credit card or a gmail account.
>
Otherwise known as "security through obscurity".  This is not how pass 
works; if you need this, either do it at a different layer (e.g. encfs), 
or maybe a different tool is more appropriate.
>
> I'd really like to hear people's thoughts on this.
>
It was already discussed in detail just over the last week. See thread 
starting at
https://lists.zx2c4.com/pipermail/password-store/2017-February/002700.html


_______________________________________________
Password-Store mailing list
Password-Store at lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/password-store


More information about the Password-Store mailing list