From me at entrez.cc  Wed Oct  7 19:22:14 2020
From: me at entrez.cc (Michael Meyer)
Date: Wed, 07 Oct 2020 17:22:14 +0000
Subject: Extension for Diceware-style mnemonic passphrases
Message-ID: <20201007172211.lmags7zvrkrrhppa@rain.local>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hello everyone,

I wrote a small pass extension for generating mnemonic passphrases in 
lieu of the standard generated passwords, since I couldn't find an 
existing solution when I searched online.  It uses a customizable 
Diceware wordlist, like the ones provided by the EFF:

    https://www.eff.org/deeplinks/2016/07/new-wordlists-random-passphrases

The length of the passphrase in words and the character(s) used to 
separate each word can be specified.

The extension is available here:

    https://gitlab.com/entrez/pass-words

I haven't made a pass extension before and mostly put this together for 
my own use, so please let me know if there are serious problems with it 
- -- especially w/r/t the security of password generation.  It uses 
/dev/urandom to generate a random number, modulo the number of lines in 
the wordlist, to select each word when building the passphrase.

- - Michael Meyer
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEau/tqk0YEkf4B7L/I018NiIuApUFAl99+TsACgkQI018NiIu
ApWX6g//V/g5D+Do4WaS3pv4m0aATECFomNK2fgrqRSJtw8ykVhxUifHSyV4oYoU
mW8hqL/hom7LKLIm8N/kONTbHH8dINL/Xc6OI1twurxpoWTbi/wTCYo+wuMWF7/V
EbbHhz/Ovd7kpR39lR4xfaaW5KvIZFHOU/nlPa43Ki8HGK0iuSv2EnWtTP3iZFg6
+HEW8bTNDBniiVJC4W2Lh1PWq1AM5ZkaCtq0UhzIapRNWzwYRUUW9JDkRg0Snyqq
fBFeaiX8aelgRovn12hE3bm050l8GOXaCHNGWFI52OYhAUu6i9oN3IP9LmT1NcIB
SYVkM4tBakZo3lapfFeo8n7Uzqazyg0dBTVEjmg54VKf6nNkO2Ar6eUgB3WN/Rgz
/KhGDku86iIdJaYP/nJZL8Hu4V6KemOV1yMtgJWsubfyRN3Tm0fiV6Eh7SB2V78l
MvPkDhRBfnDZmRjv34TwSiQ5m+MImstVV2XibX75g26URk67pCiGb99iXnU07Of7
VuEyDRXEEzDIJS8M3675NBEUT8b+W65nWy5KHkA82CgjbzQwdKvX7oU+VqHaZd+m
bGTQY7FfUJACHXuojW2f36Zmuskmoh/HvT4jJXDkptFRvDxTNHM7DlaWC0fO00QR
ad8Xhios1wxCyIcIQrNugsoxOtdA4OANDhRFaR5NCEfrZ/UYK6I=
=GuBi
-----END PGP SIGNATURE-----


From rvp at SDF.ORG  Mon Oct 26 07:06:50 2020
From: rvp at SDF.ORG (RVP)
Date: Mon, 26 Oct 2020 06:06:50 +0000 (UTC)
Subject: Patch: password-store-1.7.3: ignore SIGHUP for non-interactive shells.
Message-ID: <alpine.NEB.2.22.394.2010260605590.28192@faeroes.freeshell.org>

We need to explicitly ignore SIGHUP in non-interactive shells, otherwise
bash will terminate us when, let's say, the xterm we're running in closes.
The built-in disown command won't do the job in a non-interactive shell.
(A bit of reading-between-the-lines of the man-page is needed here, as
this is not explicitly stated in bash(1).)

Test scripts:
1. This script, which relies on disown, will exit prematurely:
---
#!/usr/bin/env bash
#
# Run as: xterm -fn 10x20 -fg Ivory -bg Black -e ./sleep-disown.sh
#
# This version doesn't work because disown only works in an interactive
# shell. In non-interactive shells, like above, disown doesn't protect
# backgrounded jobs from termination on shell exit.

me=${0##*/}
(
  	# SIGHUP will be delivered; sleep is interrupted; script aborts.
  	trap '	echo "Start: $(date)" >> /tmp/$me.$$.txt
  		echo SIGHUP >> /tmp/$me.$$.txt
  	' HUP
  	sleep 60
  	echo "End: $(date)" >> /tmp/$me.$$.txt
) &
disown && echo disowned
echo 'Background job will not sleep for 60 secs if xterm exits.
Press RETURN to exit xterm.'
read x
---

2. This script, which ignores SIGHUP, will sleep for the correct length
of time:
---
#!/usr/bin/env bash
#
# Run as: xterm -fn 10x20 -fg Ivory -bg Black -e ./sleep-nohup.sh
#
# This works because background the job is protected from termination
# by "trap '' HUP". You can also use nohup(1) instead.

me=${0##*/}
(
  	trap '' HUP
  	echo "Start: $(date)" >> /tmp/$me.$$.txt
  	sleep 60
  	echo "End $(date)" >> /tmp/$me.$$.txt
) &
echo 'Background job will sleep for 60 secs even if xterm exits.
Press RETURN to exit xterm.'
read x
---

Patch for password-store-1.7.3 follows:

---START
--- pass.orig	2020-07-17 13:45:22.000000000 +0000
+++ pass	2020-10-06 23:08:41.159955217 +0000
@@ -157,6 +157,12 @@
   	local sleep_argv0="password store sleep on display $DISPLAY"
   	pkill -f "^$sleep_argv0" 2>/dev/null && sleep 0.5
   	local before="$(xclip -o -selection "$X_SELECTION" 2>/dev/null | $BASE64)"
+	# Explicitly ignore SIGHUP because "disown" only works in interactive shells.
+	# Otherwise, in non-interactive cases like "xterm -e passmenu" or "xterm -e pass",
+	# which are needed to supply a terminal for "pinentry-curses" (like when "pass"
+	# is called from "dmenu"), bash will kill xclip when the script finishes--ie.
+	# before $CLIP_TIME has elapsed.
+	trap '' HUP
   	echo -n "$1" | xclip -selection "$X_SELECTION" || die "Error: Could not copy data to the clipboard"
   	(
   		( exec -a "$sleep_argv0" bash <<<"trap 'kill %1' TERM; sleep '$CLIP_TIME' & wait" )
@@ -173,7 +179,7 @@
   		qdbus org.kde.klipper /klipper org.kde.klipper.klipper.clearClipboardHistory &>/dev/null

   		echo "$before" | $BASE64 -d | xclip -selection "$X_SELECTION"
-	) >/dev/null 2>&1 & disown
+	) >/dev/null 2>&1 &
   	echo "Copied $2 to clipboard. Will clear in $CLIP_TIME seconds."
   }

---END

Thanks,
RVP

From trs-80 at isnotmyreal.name  Tue Oct 27 19:22:49 2020
From: trs-80 at isnotmyreal.name (TRS-80)
Date: Tue, 27 Oct 2020 14:22:49 -0400
Subject: Test
Message-ID: <9f18ad96bcd47a9421edaa6fe0c8e69c@isnotmyreal.name>

Hallo,

I have had some trouble trying to post to the list immediately upon
joining (since yesterday), so I am trying to test first this time.

I am thinking that I should be receiving, but just cannot send.  And
therefore I should receive this, as (I think) I am subscribed to the
list (I completed confirmation process).  However, if you feel like
replying to confirm, it would be appreciated.

Cheers,

TRS-80

From ivasan7 at gmail.com  Tue Oct 27 19:28:10 2020
From: ivasan7 at gmail.com (=?UTF-8?B?U8OhbmRvciBJdsOhbmNzaWNz?=)
Date: Tue, 27 Oct 2020 19:28:10 +0100
Subject: Test
In-Reply-To: <9f18ad96bcd47a9421edaa6fe0c8e69c@isnotmyreal.name>
References: <9f18ad96bcd47a9421edaa6fe0c8e69c@isnotmyreal.name>
Message-ID: <CAHZMgUGGBG5UGg=OWLbuANPjo=0Vt6e8ckLU4dV5-CCMrNyr_w@mail.gmail.com>

Ping in PlainText.

Sandor


On Tue, 27 Oct 2020 at 19:24, TRS-80 <trs-80 at isnotmyreal.name> wrote:
>
> Hallo,
>
> I have had some trouble trying to post to the list immediately upon
> joining (since yesterday), so I am trying to test first this time.
>
> I am thinking that I should be receiving, but just cannot send.  And
> therefore I should receive this, as (I think) I am subscribed to the
> list (I completed confirmation process).  However, if you feel like
> replying to confirm, it would be appreciated.
>
> Cheers,
>
> TRS-80

From trs-80 at isnotmyreal.name  Tue Oct 27 19:28:49 2020
From: trs-80 at isnotmyreal.name (TRS-80)
Date: Tue, 27 Oct 2020 14:28:49 -0400
Subject: Test
In-Reply-To: <9f18ad96bcd47a9421edaa6fe0c8e69c@isnotmyreal.name>
References: <9f18ad96bcd47a9421edaa6fe0c8e69c@isnotmyreal.name>
Message-ID: <8b17908c05135176f3313377b506eff5@isnotmyreal.name>

On 2020-10-27 14:22, TRS-80 wrote:
> Hallo,
> 
> I have had some trouble trying to post to the list immediately upon
> joining (since yesterday), so I am trying to test first this time.
> 
> I am thinking that I should be receiving, but just cannot send.  And
> therefore I should receive this, as (I think) I am subscribed to the
> list (I completed confirmation process).  However, if you feel like
> replying to confirm, it would be appreciated.
> 
> Cheers,
> 
> TRS-80

OK, I received it!

And thanks to those who responded!

Sorry for the noise...

First "real" post to the list to follow...

Cheers,

TRS-80

From trs-80 at isnotmyreal.name  Tue Oct 27 19:42:31 2020
From: trs-80 at isnotmyreal.name (TRS-80)
Date: Tue, 27 Oct 2020 14:42:31 -0400
Subject: Test
In-Reply-To: <9f18ad96bcd47a9421edaa6fe0c8e69c@isnotmyreal.name>
References: <9f18ad96bcd47a9421edaa6fe0c8e69c@isnotmyreal.name>
Message-ID: <99b3efb15ce1bf235abd1cc7e507283c@isnotmyreal.name>

The problem, in case any one is interested, is that I think the list
must be set with a very strict filter on the sender's email address.

I was trying to send from pass.my_real_email which is not a real email
address (only the base part is, i.e., my_real_email; neither of which
I want to post in the body of a post on a mailing list).

I do this all the time though on other lists, and it has worked so
far.  I noticed that the email that shows up on the list is just the
base email.  But it does go through.  But not this time, apparently.

I have never handed out the base email address to anybody (until
today) and I really don't like doing so.  Need to come up with some
other solution, I guess.

Cheers,

TRS-80

From trs-80 at isnotmyreal.name  Tue Oct 27 19:48:17 2020
From: trs-80 at isnotmyreal.name (TRS-80)
Date: Tue, 27 Oct 2020 14:48:17 -0400
Subject: PGP, gpg-agent, and KDF criticisms?
Message-ID: <e9a3b10fdbfcb955dd2b71a322be32ca@isnotmyreal.name>

Hello gang!

I just joined the mailing list.  I have been a long time KeePass user,
but have been looking into pass more recently.

I had an old Issue on KeepassXC GitHub[0] requesting some enhancement,
which the devs did not want to do.  Which is fine.  I had actually
forgotten all about it, until someone else had bumped it a little more
recently.

I then mention in passing (yesterday) that I have been considering
pass[1], as it is essentially free-form text files with no limits on
what you can put in them, in case anyone else following the issue
wants to expand their options, as I have been thinking about doing.

Pretty quickly thereafter, both of main devs reply[2] with some
criticisms of PGP, gpg-agent, and some other concept (KDF?) which I am
not actually even familiar with.  The following are their comments,
which I quote in full:

> droidmonkey
> 
> Pass offers the barest minimal protections. I would never endorse
> the product because it is very easy to expose all of your secrets to
> any program by using gpg-agent to remember your credentials. There
> is also no concept of a KDF so brute forcing is an option, in fact
> their encryption method is undocumented or at least not readily
> apparent from their website.

> phoerious
> 
> It's PGP, the worst possible way to encrypt stuff in 2020.

Now, I know enough about crypto to know that it is the sort of thing
best left in the hands of people that know more about it than me.
OTOH, I did not think their criticisms of PGP/GPG were really on the
mark (unless they are referring to implementation details, which I
understand are of course important to get right).  But there again, I
am but a low level wizard myself, so I thought it best perhaps to pose
this criticism to the mailing list, instead.

Cheers,
TRS-80

[0] https://github.com/keepassxreboot/keepassxc/issues/4696
[1] 
https://github.com/keepassxreboot/keepassxc/issues/4696#issuecomment-716687928
[2] 
https://github.com/keepassxreboot/keepassxc/issues/4696#issuecomment-716729476

From mweber at free.fr  Tue Oct 27 22:06:14 2020
From: mweber at free.fr (Matthieu Weber)
Date: Tue, 27 Oct 2020 23:06:14 +0200
Subject: PGP, gpg-agent, and KDF criticisms?
In-Reply-To: <e9a3b10fdbfcb955dd2b71a322be32ca@isnotmyreal.name>
References: <e9a3b10fdbfcb955dd2b71a322be32ca@isnotmyreal.name>
Message-ID: <20201027210614.GA29752@weber.fi.eu.org>

On Tue, 27 Oct 2020 at 02:48PM -0400, TRS-80 wrote:
> I then mention in passing (yesterday) that I have been considering
> pass[1], as it is essentially free-form text files with no limits on
> what you can put in them, in case anyone else following the issue
> wants to expand their options, as I have been thinking about doing.
> 
> Pretty quickly thereafter, both of main devs reply[2] with some
> criticisms of PGP, gpg-agent, and some other concept (KDF?)

A KDF is a key-derivation function i.e., a function that allows to
generate a cryptographic key based on a passphrase (more from Wikipedia
https://en.wikipedia.org/wiki/Key_derivation_function ). Why it is
relevant to their rant against GPG, I don't know. Maybe their argument
is that if you chose a weak passphrase for your secret key, your secret
key is protected by a weak passphrase? That's no news. Maybe a KDF would
make the secret key a bit better protected than without a KDF? Again, I
don't know enough cryptography to answer that (but I will make the
educated guess that the argument is that the KDF is designed to be
a slow algorithm, and therefore unpractical to use in brute-force
attacks). My counter-argument is to use a password with enough entropy
to be actually safe instead of relying on the fact that a given
algorithm implementation (the KDF) is slow today. We'll all be sorry
anyway once quantum computers become available :)

> which I am not actually even familiar with.  The following are their
> comments, which I quote in full:
> 
> > droidmonkey
> > 
> > Pass offers the barest minimal protections. I would never endorse
> > the product because it is very easy to expose all of your secrets to
> > any program by using gpg-agent to remember your credentials. There
> > is also no concept of a KDF so brute forcing is an option, in fact
> > their encryption method is undocumented or at least not readily
> > apparent from their website.

So if you use gpg-agent, your secret key is not safe? Well yes, that's
true, the whole purpose of the agent is to trade a bit of security for
a bit of convenience. If that's the worry, don't use gpg-agent and
that's it. Regarding ?their encryption method is undocumented?, who
is ?they? in that sentence? GPG? Pass? Me? That kind of FUD is not
constructive, I'm afraid.

But as a general rule, you should know what you are doing and the
consequences of your choices (which admittedly is not easy on modern
computer systems), and before starting to use pass, you must be aware
that it is not a consumer product (it's a command-line tool, for
starters :) ), so some understanding of how it works is required IMO.

Matthieu
-- 
 (~._.~)        Matthieu Weber - matthieu at weber.fi.eu.org        (~._.~)
  ( ? )                 https://weber.fi.eu.org/                  ( ? )
 ()- -()           public key id : 0x85CB340EFCD5E0B3            ()- -()
 (_)-(_) "Humor ist, wenn man trotzdem lacht (Otto J. Bierbaum)" (_)-(_)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20201027/84e2c9ca/attachment.asc>

From mweber at free.fr  Wed Oct 28 07:31:10 2020
From: mweber at free.fr (Matthieu Weber)
Date: Wed, 28 Oct 2020 08:31:10 +0200
Subject: PGP, gpg-agent, and KDF criticisms?
In-Reply-To: <20201027210614.GA29752@weber.fi.eu.org>
References: <e9a3b10fdbfcb955dd2b71a322be32ca@isnotmyreal.name>
 <20201027210614.GA29752@weber.fi.eu.org>
Message-ID: <20201028063110.GA16381@weber.fi.eu.org>

I reply to myself to add a few more explanations.

On Tue, 27 Oct 2020 at 11:06PM +0200, Matthieu Weber wrote:
> On Tue, 27 Oct 2020 at 02:48PM -0400, TRS-80 wrote:
> > Pretty quickly thereafter, both of main devs reply[2] with some
> > criticisms of PGP, gpg-agent, and some other concept (KDF?)
> > which I am not actually even familiar with.  The following are their
> > comments, which I quote in full:
> > 
> > > droidmonkey
> > > 
> > > Pass offers the barest minimal protections. I would never endorse
> > > the product because it is very easy to expose all of your secrets to
> > > any program by using gpg-agent to remember your credentials. There
> > > is also no concept of a KDF so brute forcing is an option, in fact
> > > their encryption method is undocumented or at least not readily
> > > apparent from their website.

Regarding the use of a KDF in GPG, droidmonkey's statement is wrong,
AFAICT (it may have been true at some point in the past, maybe).

GPG uses one of the KDF defined in RFC 4880 according to
https://github.com/gpg/gnupg/blob/master/agent/keyformat.txt#protected-private-key-format
and by default uses the variant with iterative salting. If I've
understood correctly what man?gpg and man?gpg-agent explain about the
--s2k-* options, the number of iterations is chosen such that it takes
300 ms to calculate the key from the passphrase (that is the key that
protects the secret key, not the secret key itself).

Matthieu
-- 
 (~._.~)        Matthieu Weber - matthieu at weber.fi.eu.org        (~._.~)
  ( ? )                 https://weber.fi.eu.org/                  ( ? )
 ()- -()           public key id : 0x85CB340EFCD5E0B3            ()- -()
 (_)-(_) "Humor ist, wenn man trotzdem lacht (Otto J. Bierbaum)" (_)-(_)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20201028/4915b67a/attachment.asc>

From frank.gruellich at gmail.com  Wed Oct 28 14:34:06 2020
From: frank.gruellich at gmail.com (Frank =?iso-8859-1?Q?Gr=FCllich?=)
Date: Wed, 28 Oct 2020 14:34:06 +0100
Subject: PGP, gpg-agent, and KDF criticisms?
In-Reply-To: <e9a3b10fdbfcb955dd2b71a322be32ca@isnotmyreal.name>
References: <e9a3b10fdbfcb955dd2b71a322be32ca@isnotmyreal.name>
Message-ID: <20201028133406.GB41316@twoface.Speedport_W_724V_01011603_07_003>

Hi,

On Tue, Oct 27, 2020 at 02:48:17PM -0400, TRS-80 wrote:
> [PGP and its use in pass]

There was a longer discussion some time ago with the subject: "Is a
PGP-based password manager a good idea in 2019?" which is essentially
the topic discussed at the Github issue.  It is in the archives at
https://lists.zx2c4.com/pipermail/password-store/2019-August/003732.html
and you might want to go back to read it.  It has some links to posts
(or rants?) about PGP which puts it a bit into perspective.

Kind regards,
 Frank.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20201028/d4a41025/attachment.asc>