Is a PGP-based password manager a good idea in 2019?

Lenz Weber mail at lenzw.de
Thu Aug 29 11:36:12 CEST 2019


GPG doesn't get a lot of love because it has a lot of backwards
compatibility with algorithms that shouldn't be used any more and the
APIs and CLI tools are a mess of UX.


The second part is completely mitigated by using pass - you get a
simple, clear CLI interface that is almost impossible to misuse.

The first part is partially on you: if you create a gpg key with very
weak encryption, you've got a problem.

But if you create a modern GPG key, you're perfectly fine. The
cryptography of modern algorithms in GPG is not part of that debate as
far as I know.


On 8/29/19 11:24 AM, Sylvia Gough wrote:
> First, I'd like to thank Jason for all the amazing crypto work he's
> been doing.
>
> Now to my question. I'm considering using pass as my password manager,
> and security is obviously a top concern for this role. I know that
> pass is using GPG under the hood, and as far as I can see GPG doesn't
> get much love among cryptographers[1][2].
>
> What's your opinion about this?
>
> [1]: https://latacora.micro.blog/2019/07/16/the-pgp-problem.html
> [2]: https://blog.filippo.io/giving-up-on-long-term-pgp/
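An added illustration of the weak-key versus modern-key point in the message above (not part of the original e-mail, and not code from pass or GnuPG): a check over `gpg --list-keys --with-colons` output that flags usable encryption-capable keys below a size floor. The 2048-bit floor, the function names and the sample key records are assumptions constructed for this example.

```python
# Added example: audit encryption-capable keys in `gpg --list-keys --with-colons` output.
# Constructed sample records (fake key IDs): an old DSA/ElGamal key, a modern
# Ed25519/Curve25519 key, and a revoked RSA subkey.
SAMPLE = """\
pub:u:1024:17:AAAAAAAAAAAAAAAA:1041379200:::u:::scESC::::::
sub:u:1024:16:BBBBBBBBBBBBBBBB:1041379200::::::e::::::
pub:u:255:22:CCCCCCCCCCCCCCCC:1567072572:::u:::scESC:::::ed25519::
sub:u:255:18:DDDDDDDDDDDDDDDD:1567072572::::::e:::::cv25519::
sub:r:1024:1:EEEEEEEEEEEEEEEE:1041379200::::::e::::::
"""

MIN_BITS = 2048  # assumed policy floor; the message does not name a threshold
ALGO = {1: "RSA", 16: "ElGamal", 17: "DSA", 18: "ECDH", 19: "ECDSA", 22: "EdDSA"}
SIZE_BOUND = {1, 16, 17}         # algorithms whose strength depends on modulus size
UNUSABLE = {"r", "e", "d", "i"}  # validity: revoked, expired, disabled, invalid


def encryption_keys(colons_output):
    """Return usable encryption-capable pub/sub records as dicts."""
    keys = []
    for line in colons_output.splitlines():
        f = line.split(":")
        if f[0] not in ("pub", "sub") or len(f) < 12:
            continue
        # Field 12 lists capabilities; lowercase letters belong to this record,
        # uppercase ones on a pub line summarise the whole key.
        if "e" not in f[11] or f[1] in UNUSABLE:
            continue
        algo = int(f[3])
        keys.append({"keyid": f[4], "algo": algo,
                     "name": ALGO.get(algo, f"algo {algo}"),
                     "bits": int(f[2]),
                     "curve": f[16] if len(f) > 16 else ""})
    return keys


def weak_encryption_keys(colons_output, min_bits=MIN_BITS):
    """Return (keyid, algorithm, bits) for size-bound keys under the floor."""
    return [(k["keyid"], k["name"], k["bits"])
            for k in encryption_keys(colons_output)
            if k["algo"] in SIZE_BOUND and k["bits"] < min_bits]


if __name__ == "__main__":
    for keyid, name, bits in weak_encryption_keys(SAMPLE):
        print(f"WEAK: {keyid} {name}-{bits} (< {MIN_BITS} bits)")
```

To check a real store, pass in the output of `gpg --list-keys --with-colons` for the key IDs listed in the store's `.gpg-id` file instead of `SAMPLE`.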