is it me or the patch is incomplete? "makes it trivial to compute the length of the" (!)
On 02/24/2017 12:02 PM, Thibault Polge wrote: > This patch adds a “Known Limitations” section near the end of the man > page. It briefly documents two properties of pass: > > 1. That the folder structure is not encrypted at all, but only the > contents of password files; > 2. That the encryption system makes it trivial to compute the size of > clear text from the encrypted data. > > Although these limitations are obvious (for the first one) or not really > problematic (for the second), I believe they deserve to be documented. > Since pass aims to follow the “Unix philosophy” of “do one thing and do > it well”, the exact range of the uses it may be put to beyond password > management can't be guessed /a priori/; and thus the documentation > should make it clear what the program what is designed to do, and what > it isn't. > > Best regards, > Thibault > > --- > man/pass.1 | 7 +++++++ > 1 file changed, 7 insertions(+) > > diff --git a/man/pass.1 b/man/pass.1 > index 71bfc7e..fee19b5 100644 > --- a/man/pass.1 > +++ b/man/pass.1 > @@ -462,6 +462,13 @@ The \fBinit\fP command will keep signatures of > \fB.gpg-id\fP files up to date. > .TP > .I EDITOR > The location of the text editor used by \fBedit\fP. > +.SH KNOWN LIMITATIONS > +The hierarchy of password names is stored as a plain text folder > +structure. Pass itself does nothing to conceal the names you give to > +your keys or to the folder structure which contains them. > + > +Pass also does nothing to hide the size of the data it encrypts. The > +design of OpenPGP makes it trivial to compute the length of the > .SH SEE ALSO > .BR gpg2 (1), > .BR tr (1), > -- > 2.11.0 > _______________________________________________ > Password-Store mailing list > [email protected] > https://lists.zx2c4.com/mailman/listinfo/password-store -- HacKan || Iván GPG: 0x35710D312FDE468B
_______________________________________________ Password-Store mailing list [email protected] https://lists.zx2c4.com/mailman/listinfo/password-store
