On Feb 12, 2017 12:49, "Brian Candler" <[email protected]> wrote:
On 12/02/2017 20:40, Johannes Marbach wrote: > > I think this potentially increases the surface for an attacker. Even > though the files are still securely encrypted, I wouldn't even want someone > to know that I have e.g. a Visa credit card or a gmail account. > > Otherwise known as "security through obscurity". This is not how pass works; if you need this, either do it at a different layer (e.g. encfs), or maybe a different tool is more appropriate. To be fair this provides plausible deniability which does have value. For example the US government is threatening to start asking for social media accounts and possible passwords when entering the country. If you claim not to have an account but they search your computer and find the password entry you are going to be in trouble. That being said I agree that pass isn't the tool for this, or at the very least that you should be using a tool on top of pass.
_______________________________________________ Password-Store mailing list [email protected] https://lists.zx2c4.com/mailman/listinfo/password-store
