thoughts about encrypting the paths / names in the tree

Alexandre Pujol alexandre at
Mon May 11 20:32:04 CEST 2020


Note: I am the author of pass-tomb.

I agree that pass-tomb has a few drawbacks. The lack of version control
support being one of them. However, if you do not share your
password-store that should not be a big issue. You can still synchronize
your tomb on a server (but not on a git server, yes).

Although it is a technical requirement, in terms of security, I like the
fact that the tomb size must be chosen at creation. It is a simple way
to hide the actual size of the password store. That said, the default of
10MB might be too small.

Regarding your system, it is not the first proposal of directory name
encryption [1]. The new approach here is that it creates a RAM drive.
Therefore, as Steve wrote, you end up creating a file system. Meaning,
something similar to an open tomb (with less metadata protection though).

I think it would end up being a **lot** of work for only git support and
various store sizes.

> On 11/05/2020 16:21, J Rt wrote:
> Thanks for your message :) I agree that some form of encrypted
> filesystem makes it much simpler, and this is more or less what
> pass-tomb does, right?

It is exactly what pass-tomb does. A tomb is only a dm-crypt volume
encrypted with the user gpgid.

> Also, in a sense, relying on an encrypted filesystem means
> that you have a lot of software under your feet, in a sense it is more
> self-contained to just use a few gpg tricks - this argument may be a
> bad / weak one though.

This is actually a feature: use a standard, well-tested encryption system
that is already shipped with Linux. It also reduces the amount of code
to write/maintain.

> I also wonder if it would be nice to have this functionality
> integrated in the 'core' pass. 

Neither pass-tomb nor an alternative tool will ever be integrated into
pass. Extension support has been made for the whole purpose of keeping
pass as small as possible. Furthermore, not everyone needs pass-tomb.

> It is a bit annoying with pass-tomb,
> this means yet-another-package to install, there are several repos on
> github that claim to be pass-tomb so that is confusing, etc. I also
> agree that this is a weak argument though.

There is an official package for Debian (pass-extension-tomb) and many
other distributions.

> - a pair of public / encrypted private keys is stored at the root of
> the store. This pair of keys is the 'name hiding' pair. The encrypted
> private key is encrypted using the master gpg key.

I think this is a bad idea; do not play (create) with users' keys in pass.
