Question about the 'pass' password manager
-
So even the sub-directories of the password store are encrypted? For example, even if I put my password int the name of a subdirectory, they wouldn't be able to see it?
No, only the file contents are encrypted. The file names and folder structure is visible to anyone who has access to the files.
The files themselves can contain a ton of stuff if you want, but the convention is to put the password on the first line and that's what "pass -c my/file" will copy.
-
So, I've been using keepassxc for some time now, but I wanted a viable alternative for command line usage (there is keepassxc-cli, that I use, but it is really a pain in the ass). So, I searched and found pass and gopass.
However, I've seen that they store each entry in a gpg encrypted file, inside a plain directory hierarchy. And, don't get me wrong, I believe that there are use cases for this, but if someone got their hands in your password_store, they would know every single login that you have (the only information that is protected is the password, or whatever is in the gpg file).
So, my question is, there is a password manager, cli based, that encrypts the whole database, and not the single entries?
That's correct. Everything in the store is encrypted
-
No, only the file contents are encrypted. The file names and folder structure is visible to anyone who has access to the files.
The files themselves can contain a ton of stuff if you want, but the convention is to put the password on the first line and that's what "pass -c my/file" will copy.
-
So, I've been using keepassxc for some time now, but I wanted a viable alternative for command line usage (there is keepassxc-cli, that I use, but it is really a pain in the ass). So, I searched and found pass and gopass.
However, I've seen that they store each entry in a gpg encrypted file, inside a plain directory hierarchy. And, don't get me wrong, I believe that there are use cases for this, but if someone got their hands in your password_store, they would know every single login that you have (the only information that is protected is the password, or whatever is in the gpg file).
So, my question is, there is a password manager, cli based, that encrypts the whole database, and not the single entries?
but if someone got their hands in your password_store
There's really no way around this. If someone "gets their hands on" your anything you're pretty much fucked. Pass is good enough privacy to justify its usage.
-
but if someone got their hands in your password_store
There's really no way around this. If someone "gets their hands on" your anything you're pretty much fucked. Pass is good enough privacy to justify its usage.
I agree, but picture this: if someone get their hands in a kdbx database, they would need to brute force through the master password; they couldn't possibly know any sites or logins. In the other hand, if someone got your password store, and you used this hierarchy structure, they could try to attack directly the logins, which increases the attack surface. That being said, yes, I completely agree with your last statement.
-
I agree, but picture this: if someone get their hands in a kdbx database, they would need to brute force through the master password; they couldn't possibly know any sites or logins. In the other hand, if someone got your password store, and you used this hierarchy structure, they could try to attack directly the logins, which increases the attack surface. That being said, yes, I completely agree with your last statement.
In the other hand, if someone got your password store, and you used this hierarchy structure, they could try to attack directly the logins
The
.passfile is encrypted just like the kbdx database and is also protected by a password. Apples to apples its the same amount of security. -
In the other hand, if someone got your password store, and you used this hierarchy structure, they could try to attack directly the logins
The
.passfile is encrypted just like the kbdx database and is also protected by a password. Apples to apples its the same amount of security.OP is talking about hhe meta-structure being visible.
If my filesystem gets compromised (stolen, confiscated, etc.) and I use pass, the infiltrators will know that I have a password that I labeled "slrpnk.net". They won't have access to the password itself, but they'll be able to determine all the services I have accounts at.
-
OP is talking about hhe meta-structure being visible.
If my filesystem gets compromised (stolen, confiscated, etc.) and I use pass, the infiltrators will know that I have a password that I labeled "slrpnk.net". They won't have access to the password itself, but they'll be able to determine all the services I have accounts at.
They won’t have access to the password itself, but they’ll be able to determine all the services I have accounts at.
-
They won’t have access to the password itself, but they’ll be able to determine all the services I have accounts at.
How is encrypting the metadata, as well as the data security through obscurity? O.o
-
Hmm I get it. As I said, I think there is good use cases for it, specially because of the simplicity, but I personally prefer to have the entire database encrypted, kinda like keepassxc does
pass probably isn't for you then, unless you find a wrapper or something that lets you put all in one file. I've switched to keepassxc as well, I could never get the browser integration to work with pass.
-
How is encrypting the metadata, as well as the data security through obscurity? O.o
Because if the data is secure, it makes no difference if a bad actor knows you have an account with a service or not. In the same way, I'm sure I could scrape lemmy for usernames and assume those usernames are emails, but that doesn't mean your account is less secure for using your email prefix as your lemmy username.
This is an example of security through obscurity. Not even the usernames are exposed IIRC. It's just the domain/service. Hell, I could guess that you have a gmail account. That doesn't make your account less secure for me knowing that.
-
Because if the data is secure, it makes no difference if a bad actor knows you have an account with a service or not. In the same way, I'm sure I could scrape lemmy for usernames and assume those usernames are emails, but that doesn't mean your account is less secure for using your email prefix as your lemmy username.
This is an example of security through obscurity. Not even the usernames are exposed IIRC. It's just the domain/service. Hell, I could guess that you have a gmail account. That doesn't make your account less secure for me knowing that.
Because if the data is secure, it makes no difference if a bad actor knows you have an account with a service or not
Bullshit. It's not about the obvious services, but rather the ones that give more info about my profile.
If the police confiscates my PC because of e.g. piracy, they could nail me down if they also knew that I had an account at a darkweb marketplace, or that I am a member of an organization that's deemed to be "terrorist".
The only way to hide that info with pass is to give it a cryptic name which make it less obvious, what the account is actually for. That is both inconvenient and I would argue: also quite security of obscurity.
This is an example of security through obscurity.
It is not. Security through obscurity relies on having a visible secret hidden somewhere where "no one would think to check". That's different than encrypting the whole meta-structure of your digital life.
-
Because if the data is secure, it makes no difference if a bad actor knows you have an account with a service or not
Bullshit. It's not about the obvious services, but rather the ones that give more info about my profile.
If the police confiscates my PC because of e.g. piracy, they could nail me down if they also knew that I had an account at a darkweb marketplace, or that I am a member of an organization that's deemed to be "terrorist".
The only way to hide that info with pass is to give it a cryptic name which make it less obvious, what the account is actually for. That is both inconvenient and I would argue: also quite security of obscurity.
This is an example of security through obscurity.
It is not. Security through obscurity relies on having a visible secret hidden somewhere where "no one would think to check". That's different than encrypting the whole meta-structure of your digital life.
If the police confiscates my PC because of e.g. piracy, they could nail me down if they also knew that I had an account at a darkweb marketplace
Firstly, if the police confiscate your PC, they already know (and have proven to a judge) that you conduct illegal activity and likely already have enough to convict you of a crime. lol
Secondly, you can have an account at a private torrent tracker (or any website [exluding cp]) and there's nothing anyone can do about it--because that's not illegal... Torrenting isn't illegal, either. Sharing copy written content is and they can't prove that you've done that beyond a reasonable doubt simply because you have an account at a website.
These are exceptionally poor arguments.
-
If the police confiscates my PC because of e.g. piracy, they could nail me down if they also knew that I had an account at a darkweb marketplace
Firstly, if the police confiscate your PC, they already know (and have proven to a judge) that you conduct illegal activity and likely already have enough to convict you of a crime. lol
Secondly, you can have an account at a private torrent tracker (or any website [exluding cp]) and there's nothing anyone can do about it--because that's not illegal... Torrenting isn't illegal, either. Sharing copy written content is and they can't prove that you've done that beyond a reasonable doubt simply because you have an account at a website.
These are exceptionally poor arguments.
Firstly, if the police confiscate your PC, they already know (and have proven to a judge) that you conduct illegal activity and likely already have enough to convict you of a crime. lol
Not if it's for securing evidence. That is only collected before the verdict. Otherwise, there wouldn't be any need for a trial.
Also, your metadata can put others in jeopardy. If you're busted for being an antifascist activist, who the police deems a "terrorist" and you're also member of another activist group which up to then wasn't in the sights of law enforcement, then you're putting that other activist group's members in danger.
Secondly, you can have an account at a private torrent tracker [...]
That wasn't my argument, though. You can criticise the circumstances that started my example premise, but the point still stands: having metadata that's clearly visible can be dangerous, because it can give an attacker more information on you (depending on your threat model).
These are exceptionally poor arguments.
You've actually only attacked my examples, not my argument. My original point still stands: The type of accounts you have can be something you legitimately want/need to encrypt. Not only the credentials.
-
Firstly, if the police confiscate your PC, they already know (and have proven to a judge) that you conduct illegal activity and likely already have enough to convict you of a crime. lol
Not if it's for securing evidence. That is only collected before the verdict. Otherwise, there wouldn't be any need for a trial.
Also, your metadata can put others in jeopardy. If you're busted for being an antifascist activist, who the police deems a "terrorist" and you're also member of another activist group which up to then wasn't in the sights of law enforcement, then you're putting that other activist group's members in danger.
Secondly, you can have an account at a private torrent tracker [...]
That wasn't my argument, though. You can criticise the circumstances that started my example premise, but the point still stands: having metadata that's clearly visible can be dangerous, because it can give an attacker more information on you (depending on your threat model).
These are exceptionally poor arguments.
You've actually only attacked my examples, not my argument. My original point still stands: The type of accounts you have can be something you legitimately want/need to encrypt. Not only the credentials.
You're creating wild scenarios off ridiculous supposition instead of dealing with reality.
If the police come raid your house, they know what you did and are looking for more evidence. The police can't raid your house if they don't already have evidence of wrongdoing. It's called a fuckin' warrant and they're not optional (yet).
If you’re busted for being an antifascist activist, who the police deems a “terrorist” and you’re also member of another activist group which up to then wasn’t in the sights of law enforcement, then you’re putting that other activist group’s members in danger.
If you're an agent in a "terrorist organization" and you leave your PC completely unencrypted for just anyone to grab, then you deserve to be in jail. lol
We went from arguing the merits of security through obscurity by ensuring that metadata was obscured through encryption to "LOL THE POLICE ARE GONNA BREAK INTO YOUR HOUSE AND GET AT YOUR DATA ON YOUR TOTALLY UNENCRYPTED HARD DRIVE AND NAIL YOU TO THE FLOOR AND CRUCIFY YOUR FRIENDS!"
It's beyond absurdist.
You’ve actually only attacked my examples, not my argument.
Again, your argument is total supposition of a completely imaginary scenario that's specifically crafted to support your own poor arguments... It has no value at all. That's why you feel attacked. Because your argument is shit and you can't back it up without inventing some crazy ass scenario that wouldn't play out in reality.
-
So, I've been using keepassxc for some time now, but I wanted a viable alternative for command line usage (there is keepassxc-cli, that I use, but it is really a pain in the ass). So, I searched and found pass and gopass.
However, I've seen that they store each entry in a gpg encrypted file, inside a plain directory hierarchy. And, don't get me wrong, I believe that there are use cases for this, but if someone got their hands in your password_store, they would know every single login that you have (the only information that is protected is the password, or whatever is in the gpg file).
So, my question is, there is a password manager, cli based, that encrypts the whole database, and not the single entries?
I'm using the Gnome Keyring on my Arch Linux system with Xfce desktop environment, and access its secrets from the command line with secret-tool, but I believe KeepassXC also supports the DBus Secret Service API, so that you can use secret-tool with it also.
-
You're creating wild scenarios off ridiculous supposition instead of dealing with reality.
If the police come raid your house, they know what you did and are looking for more evidence. The police can't raid your house if they don't already have evidence of wrongdoing. It's called a fuckin' warrant and they're not optional (yet).
If you’re busted for being an antifascist activist, who the police deems a “terrorist” and you’re also member of another activist group which up to then wasn’t in the sights of law enforcement, then you’re putting that other activist group’s members in danger.
If you're an agent in a "terrorist organization" and you leave your PC completely unencrypted for just anyone to grab, then you deserve to be in jail. lol
We went from arguing the merits of security through obscurity by ensuring that metadata was obscured through encryption to "LOL THE POLICE ARE GONNA BREAK INTO YOUR HOUSE AND GET AT YOUR DATA ON YOUR TOTALLY UNENCRYPTED HARD DRIVE AND NAIL YOU TO THE FLOOR AND CRUCIFY YOUR FRIENDS!"
It's beyond absurdist.
You’ve actually only attacked my examples, not my argument.
Again, your argument is total supposition of a completely imaginary scenario that's specifically crafted to support your own poor arguments... It has no value at all. That's why you feel attacked. Because your argument is shit and you can't back it up without inventing some crazy ass scenario that wouldn't play out in reality.
Sorry, homie. I'm not gonna keep arguing with you if you obviously can't argue without moving the goal posts, if your life depends on it.
My point still stands: Encrypting metadata can be sensible/necessary for your threat model and does not count as security through obscurity. You have failed to explain how it would be.
-
Sorry, homie. I'm not gonna keep arguing with you if you obviously can't argue without moving the goal posts, if your life depends on it.
My point still stands: Encrypting metadata can be sensible/necessary for your threat model and does not count as security through obscurity. You have failed to explain how it would be.
Encrypting metadata can be sensible/necessary for your threat model and does not count as security through obscurity. You have failed to explain how it would be.
I mean, your scenarios here are predicated on the idea that you're so concerned about privacy and security that you use PGP to protect your passwords, but leave your PC totally unencrypted and not password protected for "the police" to just come in and take and discover metdata about your proclivities.
It's absurd to the n^th degree and how you don't see that is astonishing.
-
Encrypting metadata can be sensible/necessary for your threat model and does not count as security through obscurity. You have failed to explain how it would be.
I mean, your scenarios here are predicated on the idea that you're so concerned about privacy and security that you use PGP to protect your passwords, but leave your PC totally unencrypted and not password protected for "the police" to just come in and take and discover metdata about your proclivities.
It's absurd to the n^th degree and how you don't see that is astonishing.
-
So, I've been using keepassxc for some time now, but I wanted a viable alternative for command line usage (there is keepassxc-cli, that I use, but it is really a pain in the ass). So, I searched and found pass and gopass.
However, I've seen that they store each entry in a gpg encrypted file, inside a plain directory hierarchy. And, don't get me wrong, I believe that there are use cases for this, but if someone got their hands in your password_store, they would know every single login that you have (the only information that is protected is the password, or whatever is in the gpg file).
So, my question is, there is a password manager, cli based, that encrypts the whole database, and not the single entries?
It depends how you use it. There is no requirement as to how you set up your directory structure, so you could have one file "passwords" with all your credentials in, including the website. That would break a lot of plugin's functionality though.
