[PATCH] Document known limitations

HacKan hackan at gmail.com
Fri Feb 24 22:33:45 CET 2017


is it me or the patch is incomplete? "makes it trivial to compute the
length of the" (!)


On 02/24/2017 12:02 PM, Thibault Polge wrote:
> This patch adds a “Known Limitations” section near the end of the man
> page.  It briefly documents two properties of pass:
>
>  1. That the folder structure is not encrypted at all, but only the
>     contents of password files;
>  2. That the encryption system makes it trivial to compute the size of
>     clear text from the encrypted data.
>
> Although these limitations are obvious (for the first one) or not really
> problematic (for the second), I believe they deserve to be documented.
> Since pass aims to follow the “Unix philosophy” of “do one thing and do
> it well”, the exact range of the uses it may be put to beyond password
> management can't be guessed /a priori/; and thus the documentation
> should make it clear what the program what is designed to do, and what
> it isn't.
>
> Best regards,
> Thibault
>
> ---
>  man/pass.1 | 7 +++++++
>  1 file changed, 7 insertions(+)
>
> diff --git a/man/pass.1 b/man/pass.1
> index 71bfc7e..fee19b5 100644
> --- a/man/pass.1
> +++ b/man/pass.1
> @@ -462,6 +462,13 @@ The \fBinit\fP command will keep signatures of \fB.gpg-id\fP files up to date.
>  .TP
>  .I EDITOR
>  The location of the text editor used by \fBedit\fP.
> +.SH KNOWN LIMITATIONS
> +The hierarchy of password names is stored as a plain text folder
> +structure. Pass itself does nothing to conceal the names you give to
> +your keys or to the folder structure which contains them.
> +
> +Pass also does nothing to hide the size of the data it encrypts. The
> +design of OpenPGP makes it trivial to compute the length of the
>  .SH SEE ALSO
>  .BR gpg2 (1),
>  .BR tr (1),
> --
> 2.11.0
> _______________________________________________
> Password-Store mailing list
> Password-Store at lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/password-store

-- 
HacKan || Iván
GPG: 0x35710D312FDE468B

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20170224/b97b59f6/attachment.html>


More information about the Password-Store mailing list