Password Mapping
Tobias Girstmair
junkgir-passwd at yahoo.de
Sun Feb 12 22:04:17 CET 2017
There has been some discussion this month about using tomb[1] in combination with pass; this might be what you are looking for.
About the "security through obscurity": I think this is a valid concern; the homepage[2] does address this partially with storing user names in `.meta` files (which extensions might not support). I for example don't want e.g my employer to know that I have a Grindr account.
[1] https://lists.zx2c4.com/pipermail/password-store/2017-February/002716.html
[2] https://www.passwordstore.org/#organization
Brian Candler <b.candler at pobox.com> schrieb am 21:49 Sonntag, 12.Februar 2017:
On 12/02/2017 20:40, Johannes Marbach wrote:
>
> I think this potentially increases the surface for an attacker. Even
> though the files are still securely encrypted, I wouldn't even want
> someone to know that I have e.g. a Visa credit card or a gmail account.
>
Otherwise known as "security through obscurity". This is not how pass
works; if you need this, either do it at a different layer (e.g. encfs),
or maybe a different tool is more appropriate.
>
> I'd really like to hear people's thoughts on this.
>
It was already discussed in detail just over the last week. See thread
starting at
https://lists.zx2c4.com/pipermail/password-store/2017-February/002700.html
_______________________________________________
Password-Store mailing list
Password-Store at lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/password-store
More information about the Password-Store
mailing list