[PATCH] Document known limitations

Thibault Polge thibault at thb.lt
Fri Feb 24 16:02:52 CET 2017


This patch adds a “Known Limitations” section near the end of the man
page.  It briefly documents two properties of pass:

 1. That the folder structure is not encrypted at all, but only the
    contents of password files;
 2. That the encryption system makes it trivial to compute the size of
    clear text from the encrypted data.

Although these limitations are obvious (for the first one) or not really
problematic (for the second), I believe they deserve to be documented.
Since pass aims to follow the “Unix philosophy” of “do one thing and do
it well”, the exact range of the uses it may be put to beyond password
management can't be guessed /a priori/; and thus the documentation
should make it clear what the program is designed to do, and what
it isn't.

Best regards,
Thibault

---
 man/pass.1 | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/man/pass.1 b/man/pass.1
index 71bfc7e..fee19b5 100644
--- a/man/pass.1
+++ b/man/pass.1
@@ -462,6 +462,13 @@ The \fBinit\fP command will keep signatures of \fB.gpg-id\fP files up to date.
 .TP
 .I EDITOR
 The location of the text editor used by \fBedit\fP.
+.SH KNOWN LIMITATIONS
+The hierarchy of password names is stored as a plain text folder
+structure. Pass itself does nothing to conceal the names you give to
+your keys or to the folder structure which contains them.
+
+Pass also does nothing to hide the size of the data it encrypts. The
+design of OpenPGP makes it trivial to compute the length of the
 .SH SEE ALSO
 .BR gpg2 (1),
 .BR tr (1),
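
Review bot: the second added paragraph stops mid-sentence at "compute the length of the" and is followed directly by ".SH SEE ALSO", so the rendered man page would end the section on a fragment. Please complete the sentence; the cover message describes the point as the size of the clear text being computable from the encrypted data. Two smaller points in the same hunk: the empty added line between the two paragraphs is a blank line in roff source, where a ".PP" request is the conventional paragraph break, and "the names you give to your keys" could be read as referring to GPG keys, while the paragraph opens with "password names", so using that term throughout would be clearer.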
--
2.11.0

