Yeah, that was exactly my point. I know that LastPass does the same too. You have a utility installed on your computer and the web plugin is just calling it.
Thanks for the information On Mon, Feb 8, 2016 at 10:34 AM <[email protected]> wrote: > Hi, > > Most applications like 1Password use a local tool with a helper in the > browser. > Pass an do the same on Firefox with the passff plugin > https://github.com/jvenant/passff > > Having your GPG passphrase exposed to a hostile environment (browser) is > never a good idea, in principle all (other) browser plugins might be > able to intercept your key and passphrase. > > Currently some coders at IJhack are looking into a different backend (as > opposed to git + local filesystem) that allows for rate-limiting and a > paper trail of who accessed which passwords and when, this would make > pass a viable alternative to enterprises that need stuff like that. > > I am looking into making a browser plugin for chrome like passff but > it's still in extremely early stages. > > Greetings, > Anne Jan > > On 2016-02-08 10:04, GOYOT Martin wrote: > > Hello Alexandre, > > > > Thanks for the tip, I decided to use the android app. > > > > This said I would love you to explain me why this would be a bad idea. > > This could work exactly like what LastPass is doing for instance. > > > > Regards, > > -- Martin > > > > On Mon, Feb 8, 2016 at 10:00 AM Alexandre PUJOL <[email protected]> wrote: > > > >> Using git, you can use any git sever and git web app (like cgit) as > >> a > >> pass web viewer. Then, the git server will allow you to sync your > >> passwords between you device, and thus use the good pass client for > >> your > >> device (pass, pass-ios, Android-Password-Store...) > >> > >> However the git web app only output the tree of the password > >> directory. > >> The content itself stay encrypted. Do NOT try to create a tool in > >> order > >> to decrypt and output it in a web browser. As said Dashamir Hoxha > >> it > >> would not be a good idea at all. > >> Because you must NOT: > >> - Use any server to decrypt your password. > >> - Use JavaScript to decrypt the password directly in a web browser. > >> > >> This is why there is not pass web app, all the pass server you > >> would > >> ever need already exist it is a git server. > >> > >> Regards, > >> Alex > >> > >> On 07/02/16 20:57, GOYOT Martin wrote: > >>> Oh I didn't know of keybase. Looks like a really interesting > >> project! > >>> > >>> Also I don't know if Kenny Stier had the mailing list in copy > >> when he > >>> replied to me, but he pointed me to two mobile applications that > >> can > >>> deal with pass: > >>> > >>> https://github.com/zeapo/Android-Password-Store [1] > >>> https://github.com/davidjb/pass-ios#readme [2] > >>> > >>> I decided to give the android app a try, and for my really small > >> test > >>> until now, looks good! > >>> > >>> On Sun, Feb 7, 2016 at 8:24 PM Santiago Borrazás > >> <[email protected] > >>> <mailto:[email protected]>> wrote: > >>> > >>> Also, maybe using the Keybase > >>> filesystem > >> https://keybase.io/introducing-the-keybase-filesystem [3] > >>> > >>> On Sun, Feb 7, 2016 at 10:22 AM, Dashamir Hoxha > >>> <[email protected] <mailto:[email protected]>> wrote: > >>> > >>> In principle, you can use `git clone` or `rsync` to copy > >>> ~/.password-store to a portable device (usb, phone, > >> smartphone, > >>> etc.). You can copy there the corresponding GPG key as > >> well. > >>> Then, on another computer, you can tell pass to use the > >> data on > >>> the portable device by setting environment variables like > >> this: > >>> > >>> export PASSWORD_STORE_DIR="/dev/sdb1/.password-store" > >>> export > >> PASSWORD_STORE_GPG_OPTS="--homedir=/dev/sdb1/.gnupg" > >>> > >>> Or you can define an alias like this: > >>> > >>> alias > >> pass="PASSWORD_STORE_DIR='/dev/sdb1/.password-store' > >>> PASSWORD_STORE_GPG_OPTS='--homedir=/dev/sdb1/.gnupg' > >> pass" > >>> > >>> I haven't tried this but it should work. Maybe somebody > >> has > >>> written any blog or tutorial about this, with more > >> detailed > >>> instructions. > >>> > >>> Sorry, I know nothing about any web interface to pass. > >> And I > >>> don't even think it would be a good idea. > >>> > >>> Regards, > >>> Dashamir > >>> > >>> On Sun, Feb 7, 2016 at 6:11 PM, GOYOT Martin > >> <[email protected] > >>> <mailto:[email protected]>> wrote: > >>> > >>> Hello there, > >>> > >>> This is my first mail here, so if I'm doing anything > >> wrong > >>> please tell me. I just wanted to know if there was > >> any web > >>> app or mobile app that was able to deal with the pass > >>> utility as a backend. > >>> > >>> I'm using pass since quite some time now, and I > >> really love > >>> it. But sometimes I need to access my passwords and > >> sadly > >>> I'm not on my own computer with pass installed, my > >> gpg key > >>> and so on. So I was wondering if something like a web > >> or > >>> mobile interface capable to answer this problematic > >> already > >>> exists. > >>> > >>> Regards, > >>> -- Martin > >>> > >>> _______________________________________________ > >>> Password-Store mailing list > >>> [email protected] > >>> <mailto:[email protected]> > >>> > >> http://lists.zx2c4.com/mailman/listinfo/password-store [4] > >>> > >>> > >>> > >>> _______________________________________________ > >>> Password-Store mailing list > >>> [email protected] > >>> <mailto:[email protected]> > >>> http://lists.zx2c4.com/mailman/listinfo/password-store > >> [4] > >>> > >>> > >>> > >>> > >>> _______________________________________________ > >>> Password-Store mailing list > >>> [email protected] > >>> http://lists.zx2c4.com/mailman/listinfo/password-store [4] > >>> > >> _______________________________________________ > >> Password-Store mailing list > >> [email protected] > >> http://lists.zx2c4.com/mailman/listinfo/password-store [4] > > > > > > Links: > > ------ > > [1] https://github.com/zeapo/Android-Password-Store > > [2] https://github.com/davidjb/pass-ios#readme > > [3] https://keybase.io/introducing-the-keybase-filesystem > > [4] http://lists.zx2c4.com/mailman/listinfo/password-store > > > > _______________________________________________ > > Password-Store mailing list > > [email protected] > > http://lists.zx2c4.com/mailman/listinfo/password-store >
_______________________________________________ Password-Store mailing list [email protected] http://lists.zx2c4.com/mailman/listinfo/password-store
