-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 2017-05-08 23:47, cooloutac wrote: > On Tuesday, May 9, 2017 at 12:47:11 AM UTC-4, cooloutac wrote: >> On Sunday, May 7, 2017 at 12:33:54 PM UTC-4, [email protected] >> wrote: >>> On May 7, 2017 10:39:22 AM CDT, Andrew David Wong >>> <[email protected]> wrote: > On 2017-05-07 10:32, [email protected] wrote: >>>>>> On May 7, 2017 10:23:54 AM CDT, Andrew David Wong >>>>>> <[email protected]> wrote: On 2017-05-07 10:10, >>>>>> [email protected] wrote: >>>>>>>>> What benefit does this have over simply ysing >>>>>>>>> qubes-split-gpg-client-wrapper, like done here: >>>>>>>>> https://github.com/kulinacs/pass-qubes It seems >>>>>>>>> like a lot of overhead for not a lot of gain. >>>>>>>>> >>>>>>>>> On May 7, 2017 9:50:26 AM CDT, "Manuel Amador >>>>>>>>> (Rudd-O)" <[email protected]> wrote: >>>>>>>>>> Building on the excellent pass >>>>>>>>>> (https://passwordstore.org), it gives me great >>>>>>>>>> pleasure to announce the initial release of >>>>>>>>>> qubes-pass — an inter-VM password manager and >>>>>>>>>> store for Qubes OS. >>>>>>>>>> >>>>>>>>>> Check it out here! >>>>>>>>>> >>>>>>>>>> https://github.com/Rudd-O/qubes-pass >>>>>>>>>> >>>>>> >>>>>> What are the advantages of either of these over the >>>>>> traditional Qubes model of having a normal password >>>>>> manager in a vault VM and using the inter-VM clipboard to >>>>>> copy/paste passwords out of it? >>>>>> >>>>>> >>>>>> I prefer Pass because it uses GPG for encryption, meaning >>>>>> I can manage fewer secrets over all (as it backends into >>>>>> my normal GPG key) and then track my password files in >>>>>> git. To do this with the traditional Keepass method, you >>>>>> either need to back up the password database somewhere >>>>>> secure or remember another password for it. >>>>>> > > Why not just back up the entire vault with qvm-backup? > >>> >>> Git has less storage overhead (as you're backing up a bunch of >>> text files, not an entire VM), allows proper versioning, so it >>> is trivial to see your passwords at a point in time, and can be >>> used cross platform if you chose to keep your GPG key on >>> another system. >> >> I just back up the database file. its encrypted. > > I don't think backing up the whole vault is a good idea if you > don't have to. >
Why? No need to encrypt the database file if the whole VM is encrypted. Also, if your database file doesn't use authenticated encryption, that's another thing to worry about. You may also worry about file-level metadata leakage. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJZEVYkAAoJENtN07w5UDAwuAUQAMxJvs6Z5SK+2jJ7AaKPUnSQ 9sj2z7S4XzteTNRmV6e3c8MIiMuVUuO491B9/1p+s3ndsIZjQV2bK8gKwhsEvcJQ /jGoRpq+cTsYN7PCup17oP+hXqZMO6w23ehgJa5KTDnHl8DzQWoaG3QqCmkFSPL3 W2QdJ2wYgH14xlIwwqsDdsawZsjHs18OLO8u5tsaUqYZZDkhKN9SIABXjCfm+4bN za2xxcQlXX0HLEtGqHSRlBt36AKM0IYjQDh8ArM109E58uf+QWI/rXYe0U1bIRxR 7VyDSnNIH9qJ5GP25ZnTUu0czPTA3sh6Dr0y2gLfbvoEUmZfNRDX7IrSyVsG7q6P +GKrr10Cawym8tLr/v3pSZ2DLRG+3Am/zsEOyGUY3Cg5xUG0lSyVJp8WIb2xGtND o9mkaMaFV+iFFIxPzld5Wc9nwy7h+d3eF0b/fX32PsI+CpIVudOOpwibtPh1pte6 VMgclD00eQnabTjT3Egw6+8EvBsvDJc4smCJ/blWWRWgirRgdPwATlJ7CwxEICtW 8bwJTMXQsIeHqduEcBZO1qnI+sqaUF86KME2p6leD51qb+BUC/463l5En8terTe+ auIKVGdzcF5QRXihEMdJSDGrUgTsSUxoAdLFDEZGLWa1po62++3C0225DVvgOpp+ 03AmrJMi0eyaJ0ndGJG+ =soty -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/17b4002e-ec43-1acd-ad8e-9b26af3e2a81%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
