Is a PGP-based password manager a good idea in 2019?

Amir Yalon quoiceehoh-20180826 at yxejamir.net
Thu Aug 29 12:25:35 CEST 2019


I agree with what Lenz Weber wrote. For example, one particular drawback mentioned in those articles is actually a requirement for the Pass use case, i.e. long term key storage. In order to access your passwords later, you can’t have forward secrecy.

I personally haven’t done this yet, but the right way to follow best practices with Pass is to periodically start using a new PGP encryption key (or sub key) and change all the passwords. That way, access to the old key does not grant access to all the rotated passwords. This also gives the opportunity to keep up with contemporary recommendations for choosing an encryption suit.


More information about the Password-Store mailing list