On Tuesday, May 9, 2017 at 1:40:03 AM UTC-4, Andrew David Wong wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > On 2017-05-08 23:47, cooloutac wrote: > > On Tuesday, May 9, 2017 at 12:47:11 AM UTC-4, cooloutac wrote: > >> On Sunday, May 7, 2017 at 12:33:54 PM UTC-4, [email protected] > >> wrote: > >>> On May 7, 2017 10:39:22 AM CDT, Andrew David Wong > >>> <[email protected]> wrote: > > On 2017-05-07 10:32, [email protected] wrote: > >>>>>> On May 7, 2017 10:23:54 AM CDT, Andrew David Wong > >>>>>> <[email protected]> wrote: On 2017-05-07 10:10, > >>>>>> [email protected] wrote: > >>>>>>>>> What benefit does this have over simply ysing > >>>>>>>>> qubes-split-gpg-client-wrapper, like done here: > >>>>>>>>> https://github.com/kulinacs/pass-qubes It seems > >>>>>>>>> like a lot of overhead for not a lot of gain. > >>>>>>>>> > >>>>>>>>> On May 7, 2017 9:50:26 AM CDT, "Manuel Amador > >>>>>>>>> (Rudd-O)" <[email protected]> wrote: > >>>>>>>>>> Building on the excellent pass > >>>>>>>>>> (https://passwordstore.org), it gives me great > >>>>>>>>>> pleasure to announce the initial release of > >>>>>>>>>> qubes-pass — an inter-VM password manager and > >>>>>>>>>> store for Qubes OS. > >>>>>>>>>> > >>>>>>>>>> Check it out here! > >>>>>>>>>> > >>>>>>>>>> https://github.com/Rudd-O/qubes-pass > >>>>>>>>>> > >>>>>> > >>>>>> What are the advantages of either of these over the > >>>>>> traditional Qubes model of having a normal password > >>>>>> manager in a vault VM and using the inter-VM clipboard to > >>>>>> copy/paste passwords out of it? > >>>>>> > >>>>>> > >>>>>> I prefer Pass because it uses GPG for encryption, meaning > >>>>>> I can manage fewer secrets over all (as it backends into > >>>>>> my normal GPG key) and then track my password files in > >>>>>> git. To do this with the traditional Keepass method, you > >>>>>> either need to back up the password database somewhere > >>>>>> secure or remember another password for it. > >>>>>> > > > > Why not just back up the entire vault with qvm-backup? > > > >>> > >>> Git has less storage overhead (as you're backing up a bunch of > >>> text files, not an entire VM), allows proper versioning, so it > >>> is trivial to see your passwords at a point in time, and can be > >>> used cross platform if you chose to keep your GPG key on > >>> another system. > >> > >> I just back up the database file. its encrypted. > > > > I don't think backing up the whole vault is a good idea if you > > don't have to. > > > > Why? No need to encrypt the database file if the whole VM is > encrypted. Also, if your database file doesn't use authenticated > encryption, that's another thing to worry about. You may also worry > about file-level metadata leakage. > > - -- > Andrew David Wong (Axon) > Community Manager, Qubes OS > https://www.qubes-os.org > -----BEGIN PGP SIGNATURE----- > > iQIcBAEBCgAGBQJZEVYkAAoJENtN07w5UDAwuAUQAMxJvs6Z5SK+2jJ7AaKPUnSQ > 9sj2z7S4XzteTNRmV6e3c8MIiMuVUuO491B9/1p+s3ndsIZjQV2bK8gKwhsEvcJQ > /jGoRpq+cTsYN7PCup17oP+hXqZMO6w23ehgJa5KTDnHl8DzQWoaG3QqCmkFSPL3 > W2QdJ2wYgH14xlIwwqsDdsawZsjHs18OLO8u5tsaUqYZZDkhKN9SIABXjCfm+4bN > za2xxcQlXX0HLEtGqHSRlBt36AKM0IYjQDh8ArM109E58uf+QWI/rXYe0U1bIRxR > 7VyDSnNIH9qJ5GP25ZnTUu0czPTA3sh6Dr0y2gLfbvoEUmZfNRDX7IrSyVsG7q6P > +GKrr10Cawym8tLr/v3pSZ2DLRG+3Am/zsEOyGUY3Cg5xUG0lSyVJp8WIb2xGtND > o9mkaMaFV+iFFIxPzld5Wc9nwy7h+d3eF0b/fX32PsI+CpIVudOOpwibtPh1pte6 > VMgclD00eQnabTjT3Egw6+8EvBsvDJc4smCJ/blWWRWgirRgdPwATlJ7CwxEICtW > 8bwJTMXQsIeHqduEcBZO1qnI+sqaUF86KME2p6leD51qb+BUC/463l5En8terTe+ > auIKVGdzcF5QRXihEMdJSDGrUgTsSUxoAdLFDEZGLWa1po62++3C0225DVvgOpp+ > 03AmrJMi0eyaJ0ndGJG+ > =soty > -----END PGP SIGNATURE-----
the database file is automatically encrypted. I just feel like vault more likely compromised then the file if something is. but I could be wrong. plus way less space. I think when we have paranoid mode it will be better. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/72935423-38cb-485f-92cc-9fe2dfd79bef%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
