On Thu, Aug 29, 2019, at 11:36 AM, Lenz Weber wrote:
> GPG doesn't get a lot of love because it has a lot of backwards 
> compatibility with algorithms that shouldn't be used any more and the 
> APIs and CLI tools are a mess of UX.
> 
> 
> 
> The second part is completely mitigated by using pass - you get a 
> simple, clear CLI interface that is almost impossible to misuse.
> 
> The first part is partially on you: if you create a gpg key with very 
> weak encryption, you've got a problem. 
> 
> But if you create a modern GPG key, you're perfectly fine. The 
> cryptography of modern algorithms in GPG is not part of that debate as 
> far as I know.

+1 to this entire answer.  I only add that I haven't seen anyone propose a 
replacement tool for the pass use case yet.  Everything I have seen in the 
current discussions focuses on messaging and email.  There are some libraries 
for application secrets which could theoretically be adapted for this use and 
at least one whole new program being written, but nothing ready for use.

regards,

bex

> 
> 
> 
> On 8/29/19 11:24 AM, Sylvia Gough wrote:
> > First, I'd like to thank Jason for all the amazing crypto work he's been 
> > doing.
> > 
> >  Now to my question. I'm considering using pass as my password manager, and 
> > security is obviously a top concern for this role. I know that pass is 
> > using GPG under the hood, and as far as I can see GPG doesn't get much love 
> > among cryptographers[1][2].
> > 
> >  What's your opinion about this?
> > 
> >  [1]: https://latacora.micro.blog/2019/07/16/the-pgp-problem.html
> >  [2]: https://blog.filippo.io/giving-up-on-long-term-pgp/
> > 
> > _______________________________________________
> > Password-Store mailing list
> > [email protected]
> > https://lists.zx2c4.com/mailman/listinfo/password-store