Re: Pass DBs reveal password lengths + PEBKAC issue

2017-02-23 Thread Brian Candler
On 23/02/2017 13:51, Thibault Polge wrote: The consequence is a serious reduction of the complexity of brute-force attacks. IMO, this is a non-issue. Suppose each position in my password is taken from a set of N possibilities, and then I tell you that my password is exactly 10

Re: pass-otp: A pass extension for managing one-time-password tokens

2017-02-15 Thread Brian Candler
On 15/02/2017 03:21, Thomas Harning Jr. wrote: The nice bit about the key URI format is that it bundles all the OTP details in an optional way with defined defaults and helps keep all the OTP details in one place. Plus it can be rendered as a QR code, and hence auto-loaded into a device like

Re: encrypted file and directory names?

2017-02-06 Thread Brian Candler
On 05/02/2017 21:22, Adam Spiers wrote: The first thing to note is that if the mechanism for calculating obfuscated filenames is a simple hash such as SHA-256, then in order to implement pass show google.com we simply perform SHA-256 on "google.com", and then look for a file called

Re: encrypted file and directory names?

2017-02-05 Thread Brian Candler
On 05/02/2017 03:53, HacKan Iván wrote: I thought the same, but implementing it is a real pain in the ass. I'm currently working on something I'll send soon, and then I'm gonna work on an extension to do just that :) If this is implemented I'd definitely prefer to see it as an extension,

Re: Generate new password for multiline entries

2017-01-29 Thread Brian Candler
On 29/01/2017 12:18, Emil Lundberg wrote: If you use gpg-agent, you can instead use `git log -p `, which shows you the diff for each commit in the log. Git will automagically decrypt the files before diffing. "Binary files a/xxx.gpg and b/xxx.gpg differ" - some .gitconfig magic is required

Re: Generate new password for multiline entries

2017-01-28 Thread Brian Candler
On 28/01/2017 16:42, Simon Lackerbauer wrote: On 01/28/2017 05:34 PM, Brian Candler wrote: I like this idea a lot. I like keeping history of passwords, as sometimes you come across some forgotten system which still uses a password from one or more generations ago. Isn't that what's basically

Re: Generate new password for multiline entries

2017-01-28 Thread Brian Candler
On 28/01/2017 16:21, Patrick Burroughs (Celti) wrote: I think there's room in this idea for a `pass rotate` subcommand, that will shove the old password down a line, then generate and insert the new password. Should be relatively easy to implement *and* would help satisfy some systems that have

Re: best use of yubikey with pass

2017-01-07 Thread Brian Candler
On 06/01/2017 22:13, Oliver Albertini wrote: Forgive me if this is the wrong place to ask, or if it has already been addressed. Also, thanks to the developers of pass, it is a really useful program. What is the best practice for using a yubikey to authenticate gpg in the context of pass?

Re: [pass][new feature] item information

2016-12-31 Thread Brian Candler
On 31/12/2016 11:04, Vahid Ma'ani wrote: The "grep" option searches the content of encrypted files and I have to type the passphrase several times for each search. Not if you use gpg-agent. It keeps your passphrase for 5 minutes. gpg-agent is invaluable for certain operations on the repo. For example, using

Re: [PATCH] stop using pwgen

2016-12-20 Thread Brian Candler
On 20/12/2016 10:17, Daniel Dörrhöfer wrote: I have tested this implementation with the -no-symbols / -n option turned on and have noticed that the password contains a single quote ('). e.g. 7S3b4wJ4R7'RfWGagkhaM95'6 To reproduce this, you have to generate a couple of passwords. Good catch

Re: [PATCH] stop using pwgen

2016-12-18 Thread Brian Candler
On 18/12/2016 15:20, Jason A. Donenfeld wrote: https://git.zx2c4.com/password-store/commit/?id=f2a6078885c61040737c602a99ee75ba8009f17f Any criticism of this? Well firstly, it doesn't even work under OSX. I tried this: #!/bin/bash length=25 characters='[:graph:]' read -r -N $length pass <

Re: [PATCH] stop using pwgen

2016-12-18 Thread Brian Candler
On 18/12/2016 14:02, ilf wrote: I also proposed a method to do this without base64: ilf: Here's a simple way to generate passwords from /dev/random directly in shell: tr -dc "[:graph:]" < /dev/urandom | head -c 32 As I said at the time, that's terrible because it will consume 4KB or 8KB of

Re: [PATCH] stop using pwgen

2016-12-18 Thread Brian Candler
On 17/12/2016 23:22, Antoine Beaupré wrote: base64 turns each group of 3 bytes into 4 characters, so 18 bytes => 24 characters ah. yes. i was counting the last = sign, sorry. "=" signs are only added if the input isn't a multiple of 3 bytes: $ echo -n "abc" | base64 YWJj > > `base64` is not

Re: [PATCH] stop using pwgen

2016-12-17 Thread Brian Candler
On 17/12/2016 22:02, Antoine Beaupré wrote: an 18-byte password contains (naturally) 144 bits of entropy and base64 turns that into a 25-character password base64 turns each group of 3 bytes into 4 characters, so 18 bytes => 24 characters base64 passwords are more portable and incur only a

Re: Protect .gpg-id

2016-12-07 Thread Brian Candler
On 07/12/2016 16:52, Emile Cantin wrote: I think the key here is that 'pass init' reads and re-encrypts everything with the new key(s), but Eve didn't actually use 'pass init' but did it manually (because she can't read the files). This leads to a situation where files in the directory are

Re: Backing up pass

2016-12-04 Thread Brian Candler
On 04/12/2016 21:26, Jacob MacDonald wrote: The repository is not stored as bare; That way I can access the files in the repository directly from Drive Warning: doing "git push" to a non-bare repository is generally not recommended, although you can do it with a post-update hook, or you can

Re: Backing up pass

2016-12-04 Thread Brian Candler
On 04/12/2016 18:58, Soham Chakraborty wrote: I have pass set up on my work computer. And I would like to have the contents of my password store on my home computer as well. I am looking to know how you folks manage such a use case. Do you backup existing password store and then restore it on

Re: Cannot edit existing password using vim (or gvim)

2016-12-01 Thread Brian Candler
On 01/12/2016 12:20, ads wrote: If I do mkdir /dev/shm/foo, then touch /dev/shm/foo/bar, the file bar gets written correctly. And what if you do "gvim /dev/shm/foo/bar" ? Is it possible that there is an apparmor policy for gvim, which is preventing it opening files under /dev ? Somebody

Re: Sorted .. now ... iPhone?

2016-11-23 Thread Brian Candler
On 23/11/2016 14:34, Cycle London wrote: Second: is there a way to get my passwords onto an iPhone or Android, without an ssh client and running the command directly on the host? There are links from https://www.passwordstore.org/ to android app and iOS app (but I haven't tried them)

Re: Mac Version of pass not asking for gpg ID?

2016-11-23 Thread Brian Candler
On 23/11/2016 13:44, Tao Bror Bojlén wrote: Could it be that your GPG passphrase is saved in the macOS keychain? That would explain why you aren't prompted for it after a reboot. Try opening the macOS keychain and seeing if anything comes up when you search for "gnupg". I second that

Re: [pass] generate passwords natively instead of dependency

2016-11-15 Thread Brian Candler
On 14/11/2016 21:27, ilf wrote: Here's a simple way to generate passwords from /dev/random directly in shell: tr -dc "[:graph:]" < /dev/urandom | head -c 32 Aside: even though urandom doesn't block, I still think it's a really bad idea to consume 4KB or more of data from it to generate a

Re: [pass] generate passwords natively instead of dependency

2016-11-15 Thread Brian Candler
On 14/11/2016 21:27, ilf wrote: Currently, pass depends on pwgen to generate passwords. I think it would be easy and desirable to drop this dependency and generate passwords natively. Here's a simple way to generate passwords from /dev/random directly in shell: tr -dc "[:graph:]" <

Re: [pass] Change the default text editor for pass

2016-11-14 Thread Brian Candler
On 14/11/2016 09:58, Micha Rosenbaum wrote: On Mon, Nov 14, 2016 at 10:51:26AM +0100, Uwe Kaminski wrote: > What do you think regarding this functionality, especially if you do not use vi as default editor? Have you tried to set your wanted editor with the environment variable $EDITOR? Try:

Re: [pass] Provide symbol set as command line argument

2016-11-11 Thread Brian Candler
On 11/11/2016 10:05, Henrik Christian Grove wrote: tr -dc 'A-Za-z0-9!"#$%&'\''()*+,-./:;<=>?@[\]^_`{|}~' head -c 32 && echo > You're absolutely right, I totally missed that first head which is totally unnecessary. Note that if you pipe /dev/random directly into tr like this, you are likely

Re: [pass] Provide symbol set as command line argument

2016-11-09 Thread Brian Candler
On 09/11/2016 19:32, Kevin Cox wrote: You do have a bug though. You shouldn't use head because then if you happen to draw 10 newlines before the characters you need your generated password will be shorter than you expected. Try the following. Alternatively: dd if=/dev/urandom bs=1 count=12 |

Re: [pass] [PATCH] Allow custom subcommands

2016-10-03 Thread Brian Candler
On 04/10/2016 05:45, Sylvain Viart wrote: Pass itself could be signed. By the user at init. But why? Do you have a version of Linux which only executes signed scripts/binaries? As for the admin being tricked into installing a malicious plugin - what's the difference between that and

Re: [pass] Add 'Change Dir' Functionality

2016-09-18 Thread Brian Candler
On 18/09/2016 12:52, Jakob Holderbaum wrote: Both tools allow specifying the optional working dir with -C in front of the actual command. For example: `git -C ~/dev/dotfiles status` or `make -C ./build test` Wouldn't it be great if pass could provide the same interface: `pass -C ./secrets

Re: [pass] gpg: [don't know]: 1st length byte missing

2016-08-31 Thread Brian Candler
On 31/08/2016 15:44, Sylvain Viart wrote: Nope, it has a non-zero size: ls -l ~/.password-store/web/framapad.org.gpg -rw--- 1 sylvain sylvain *528* juil. 19 15:27 /home/sylvain/.password-store/web/framapad.org.gpg gpg -d /home/sylvain/.password-store/web/framapad.org.gpg Does it give

Re: [pass] Feature request – combined insert/generate/edit for new entries

2016-07-18 Thread Brian Candler
On 18/07/2016 08:53, Adrián López Tejedor wrote: I sent this patch on the 17th of June with exactly that. I have added the "--edit" option to generate. Excellent, thank you. I have applied this by hand. Note: I intentionally don't use a gpg agent, and I notice with "pass generate --edit" I get

Re: [pass] Feature request – combined insert/generate/edit for new entries

2016-07-15 Thread Brian Candler
On 15/07/2016 22:29, Marcos Alano wrote: I agree with Kenny. Pass has so much potential even though it is based on such basic principles (lots of encrypted files). A good interface to add new entries with an option to generate a random password is a nice idea. I like this idea too. Perhaps something

Re: [pass] list of passwords with its age

2016-05-20 Thread Brian Candler
On 20/05/2016 12:36, Renato Alves wrote: I don't know if gpg stores any kind of date as part of the metadata of the encrypted content but encrypting a timestamp seems like the only resilient approach. You could simply sign the data when encrypting it: the signature includes a timestamp.

Re: [pass] [Add passphrase feature 1/4] add new command 'passphrase'

2016-05-10 Thread Brian Candler
On 10/05/2016 16:43, Martin Bless wrote: On Tue, 10 May 2016 15:51:24 +0200, Joschka Tillmanns wrote: Hello Joschka, > May I get some feedback for this patch? I don't like the idea of introducing the dependency of "aspell". For example I'd like to use "pass" in combination with "Ansible"

Re: [pass] Easiest way to change gpg key?

2016-05-09 Thread Brian Candler
On 09/05/2016 16:06, Lukas J wrote: I would like to change the key I use for encrypting my password. I couldn't find an option for pass to do that. Is there an easy way to do it? Do you mean, re-encrypt all your stored passwords with a different GPG public key? I think "pass init " should

[pass] "pass edit" and multiple passphrase prompts

2016-05-09 Thread Brian Candler
I am using pass under OSX without gpg-agent [^1] Something I've noticed: - "pass edit foo/bar" when it creates a new file, doesn't ask for your passphrase - "pass edit foo/bar" when editing an existing file asks for your passphrase both before *and* after editing I thought this meant that

[pass] Multiple git repos in single tree

2016-05-09 Thread Brian Candler
(I don't know if this has been discussed or proposed before) I have multiple git-backed password stores for different clients. Right now I am using wrapper scripts to set the base directory, e.g. #!/bin/sh PASSWORD_STORE_DIR=/Users/brian/git/client1/password-store pass "$@" #!/bin/sh