Password Mapping

Kevin Cox kevincox at kevincox.ca
Mon Feb 13 00:23:45 CET 2017


On Feb 12, 2017 12:49, "Brian Candler" <b.candler at pobox.com> wrote:

On 12/02/2017 20:40, Johannes Marbach wrote:

>
> I think this potentially increases the surface for an attacker. Even
> though the files are still securely encrypted, I wouldn't even want someone
> to know that I have e.g. a Visa credit card or a gmail account.
>
> Otherwise known as "security through obscurity".  This is not how pass
works; if you need this, either do it at a different layer (e.g. encfs), or
maybe a different tool is more appropriate.


To be fair this provides plausible deniability which does have value. For
example the US government is threatening to start asking for social media
accounts and possible passwords when entering the country. If you claim not
to have an account but they search your computer and find the password
entry you are going to be in trouble.

That being said I agree that pass isn't the tool for this, or at the very
least that you should be using a tool on top of pass.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20170212/f61174a1/attachment.html>


More information about the Password-Store mailing list