Results 1 to 5 of 5

Thread: Pass 1.5 Open-Source Password Manager Released

  1. #1
    Join Date
    Jan 2007
    Posts
    15,645

    Default Pass 1.5 Open-Source Password Manager Released

    Phoronix: Pass 1.5 Open-Source Password Manager Released

    Version 1.5 of pass, the aptly named Unix standard password manager, has been released after about eighteen months of development...

    http://www.phoronix.com/vr.php?view=MTY2MzM

  2. #2
    Join Date
    Oct 2007
    Location
    Under the bridge
    Posts
    2,153

    Default

    With pass, each password lives inside of a gpg encrypted file whose filename is the title of the website or resource that requires the password.
    So this thing is leaking your website history to anyone with access to your password database. Seriously?

    I didn't bother reading after this. I will continue using KeePassX, which is open-source, cross-platform (Linux, Windows, Mac, Android, iOS) and does not leak my personal data all over the place.

  3. #3
    Join Date
    Apr 2014
    Posts
    2

    Default

    Quote Originally Posted by BlackStar View Post
    So this thing is leaking your website history to anyone with access to your password database. Seriously?

    I didn't bother reading after this. I will continue using KeePassX, which is open-source, cross-platform (Linux, Windows, Mac, Android, iOS) and does not leak my personal data all over the place.
    Yeah, only if you would be stupid enough to push your password store to a publicly available git repo...

  4. #4
    Join Date
    Oct 2009
    Posts
    2,145

    Default

    Quote Originally Posted by Cvnthvlv View Post
    Yeah, only if you would be stupid enough to push your password store to a publicly available git repo...
    There are a lot of situations where systems and data storage is shared among multiple users... otherwise why bother encrypting the passwords to begin with? Just throw a list into a text file and call it good....

  5. #5
    Join Date
    Apr 2014
    Posts
    2

    Default

    Quote Originally Posted by droidhacker View Post
    There are a lot of situations where systems and data storage is shared among multiple users...
    Which is a usage scenario that 1.5 has taken into account:
    Quote Originally Posted by article
    The big addition of 1.5 is the ability to use this model in a team setting. Since its inception, pass has had a .gpg-id file in the root directory of the password store, containing the pubkey id to specify for gpg. As a very simple addition, this .gpg-id file can now contain multiple keys on new lines.
    There's still no reason to host this on a public repo like github, though, if you're worried about history leakage. And if you're sharing your store with a team, odds are you're all accessing the same services anyway. Maintaining a separate, personal password store is easily done using the PASSWORD_STORE_DIR environment variable.
    Last edited by Cvnthvlv; 04-15-2014 at 10:59 AM.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •