On 18-01-28 10:25:31, Greg Minshall wrote:
hi. thanks very much to the responsible parties for password-store,
which i'm happily using on lubuntu.
i'm attracted to somehow synchronizing with my iphone. the solution
(that i've seen) uses git for synchronizing.
this tickles something that's worried me a bit since i started looking
at pass, which is, i *worry* that the security of exposing lots of tiny,
"known-format" (more or less) files, all encrypted with the same key,
may be less secure than exposing one large, known-format, file,
encrypted with that same key.
(this is my intuition speaking to me and, of course, *my* intuition,
especially w.r.t. security, is infallible... :)
does anyone have any opinions/numbers/facts?
cheers, Greg
This is one of the main 'weaknesses' with pass - it exposes all of the
file names and therefore (for most people I presume) website names.
There are ways around this but I'm not sure they work on iPhone.
It's a risk I'm willing to take if the tradeoff is the excellent
usability and simple, transparent mechanism pass uses to encrypt and
send files.
One thing I like about using gpg as a solution is that you can encrypt
with multiple keys. This means you don't need to use the same key on
your phone as on your PC.
_______________________________________________
Password-Store mailing list
[email protected]
https://lists.zx2c4.com/mailman/listinfo/password-store
