[PATCH] Document known limitations
HacKan
hackan at gmail.com
Fri Feb 24 22:33:45 CET 2017
is it me or the patch is incomplete? "makes it trivial to compute the
length of the" (!)
On 02/24/2017 12:02 PM, Thibault Polge wrote:
> This patch adds a “Known Limitations” section near the end of the man
> page. It briefly documents two properties of pass:
>
> 1. That the folder structure is not encrypted at all, but only the
> contents of password files;
> 2. That the encryption system makes it trivial to compute the size of
> clear text from the encrypted data.
>
> Although these limitations are obvious (for the first one) or not really
> problematic (for the second), I believe they deserve to be documented.
> Since pass aims to follow the “Unix philosophy” of “do one thing and do
> it well”, the exact range of the uses it may be put to beyond password
> management can't be guessed /a priori/; and thus the documentation
> should make it clear what the program what is designed to do, and what
> it isn't.
>
> Best regards,
> Thibault
>
> ---
> man/pass.1 | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/man/pass.1 b/man/pass.1
> index 71bfc7e..fee19b5 100644
> --- a/man/pass.1
> +++ b/man/pass.1
> @@ -462,6 +462,13 @@ The \fBinit\fP command will keep signatures of \fB.gpg-id\fP files up to date.
> .TP
> .I EDITOR
> The location of the text editor used by \fBedit\fP.
> +.SH KNOWN LIMITATIONS
> +The hierarchy of password names is stored as a plain text folder
> +structure. Pass itself does nothing to conceal the names you give to
> +your keys or to the folder structure which contains them.
> +
> +Pass also does nothing to hide the size of the data it encrypts. The
> +design of OpenPGP makes it trivial to compute the length of the
> .SH SEE ALSO
> .BR gpg2 (1),
> .BR tr (1),
> --
> 2.11.0
> _______________________________________________
> Password-Store mailing list
> Password-Store at lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/password-store
--
HacKan || Iván
GPG: 0x35710D312FDE468B
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20170224/b97b59f6/attachment.html>
More information about the Password-Store
mailing list