Announcement

Collapse
No announcement yet.

Pass 1.5 Open-Source Password Manager Released

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Pass 1.5 Open-Source Password Manager Released

    Phoronix: Pass 1.5 Open-Source Password Manager Released

    Version 1.5 of pass, the aptly named Unix standard password manager, has been released after about eighteen months of development...

    http://www.phoronix.com/vr.php?view=MTY2MzM

  • #2
    With pass, each password lives inside of a gpg encrypted file whose filename is the title of the website or resource that requires the password.
    So this thing is leaking your website history to anyone with access to your password database. Seriously?

    I didn't bother reading after this. I will continue using KeePassX, which is open-source, cross-platform (Linux, Windows, Mac, Android, iOS) and does not leak my personal data all over the place.

    Comment


    • #3
      Originally posted by BlackStar View Post
      So this thing is leaking your website history to anyone with access to your password database. Seriously?

      I didn't bother reading after this. I will continue using KeePassX, which is open-source, cross-platform (Linux, Windows, Mac, Android, iOS) and does not leak my personal data all over the place.
      Yeah, only if you would be stupid enough to push your password store to a publicly available git repo...

      Comment


      • #4
        Originally posted by Cvnthvlv View Post
        Yeah, only if you would be stupid enough to push your password store to a publicly available git repo...
        There are a lot of situations where systems and data storage is shared among multiple users... otherwise why bother encrypting the passwords to begin with? Just throw a list into a text file and call it good....

        Comment


        • #5
          Originally posted by droidhacker View Post
          There are a lot of situations where systems and data storage is shared among multiple users...
          Which is a usage scenario that 1.5 has taken into account:
          Originally posted by article
          The big addition of 1.5 is the ability to use this model in a team setting. Since its inception, pass has had a .gpg-id file in the root directory of the password store, containing the pubkey id to specify for gpg. As a very simple addition, this .gpg-id file can now contain multiple keys on new lines.
          There's still no reason to host this on a public repo like github, though, if you're worried about history leakage. And if you're sharing your store with a team, odds are you're all accessing the same services anyway. Maintaining a separate, personal password store is easily done using the PASSWORD_STORE_DIR environment variable.
          Last edited by Cvnthvlv; 04-15-2014, 09:59 AM.

          Comment

          Working...
          X