Hi,

One reason for using a password manager that encrypts its password store is to keep the passwords safe even if the password store itself gets into the wrong hands (e.g. if a laptop is stolen and the user didn't use hard drive encryption).

However, at the moment pass seems to leak the length of the passwords through the file size of the stored passwords. As far as I can tell the file sizes vary based on the length of the GPG key that is used, but are only dependent on the password length otherwise. For example, a one-character password encrypted with a 2048-bit RSA key results in a file size of 324 bytes, a five-character password generates a file that is 328 bytes long, etc. I tested this with two different 2048-bit keys. Similarly, for 4096-bit RSA keys, password file sizes start at 580 bytes and increase by one byte per password character as well.

If an attacker gets his hands on a password store, this could be problematic since it decreases the search space for passwords considerably, especially if they have some offline method of brute-forcing passwords (e.g. if they obtained the hash of a user's password from some database).

I think this is an issue and should be fixed, even though all the fixes I can see would detract from the simplicity of the current implementation. One way to remedy this is the following: when adding a new password, one could generate a random number of bytes and append them, along with information on how many junk bytes were added, to the entry and discard them when reading the password. This has the disadvantage of the files no longer being easily readable/usable without pass.

I'd like to know if others also think that this is a security issue and if there are better ways of fixing it.

Cheers,
Daniel

_______________________________________________
Password-Store mailing list
[email protected]
http://lists.zx2c4.com/mailman/listinfo/password-store
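The padding scheme Daniel sketches above (random junk appended to the entry together with a count of how many junk bytes were added, stripped again on read), worked through as an added example that is not part of the original post and not code from the pass project. It uses a fixed bucket size of 64 bytes and a 2-byte trailer for the junk count, both assumptions chosen here; `leaked_size` models the observed "one byte per character" growth with a constant overhead derived from the 324-byte figure for a one-character password under a 2048-bit key, and is a constructed model rather than GPG's actual framing.

```python
import math
import secrets
import struct

# Assumption for this example: every padded entry is a multiple of this many bytes,
# so any password shorter than (BUCKET - TRAILER.size) produces an identically sized entry.
BUCKET = 64
# Assumption: the junk count is stored as a 2-byte big-endian trailer at the end of the entry.
TRAILER = struct.Struct(">H")


def pad_entry(secret: bytes, bucket: int = BUCKET) -> bytes:
    """Append random junk plus a trailer holding the junk count.

    The result length is the smallest multiple of `bucket` that fits the secret
    and the trailer, so the ciphertext length only reveals which bucket the
    secret falls into, not its exact length.
    """
    if bucket < 1:
        raise ValueError("bucket must be positive")
    needed = len(secret) + TRAILER.size
    total = math.ceil(needed / bucket) * bucket
    junk_len = total - needed
    # secrets.token_bytes gives cryptographically random filler, so the junk
    # is indistinguishable from the secret once encrypted.
    return secret + secrets.token_bytes(junk_len) + TRAILER.pack(junk_len)


def unpad_entry(padded: bytes) -> bytes:
    """Read the trailer, drop the junk it counts, and return the original secret."""
    if len(padded) < TRAILER.size:
        raise ValueError("entry too short to hold a trailer")
    (junk_len,) = TRAILER.unpack(padded[-TRAILER.size:])
    body_end = len(padded) - TRAILER.size - junk_len
    if body_end < 0:
        raise ValueError("corrupt trailer: junk count exceeds entry length")
    return padded[:body_end]


def leaked_size(plaintext_len: int, overhead: int = 323) -> int:
    """Constructed model of the behaviour described in the post: the stored file
    grows by exactly one byte per plaintext byte on top of a key-dependent
    constant. 323 is chosen so that a one-character password gives 324 bytes,
    matching the 2048-bit RSA figure quoted above."""
    return overhead + plaintext_len


def distinct_sizes(passwords: list[bytes], padded: bool) -> set[int]:
    """How many different file sizes an attacker would observe for these passwords."""
    if padded:
        return {leaked_size(len(pad_entry(p))) for p in passwords}
    return {leaked_size(len(p)) for p in passwords}


if __name__ == "__main__":
    samples = [b"x" * n for n in range(1, 63)]
    print("unpadded sizes:", sorted(distinct_sizes(samples, padded=False)))  # 62 distinct values
    print("padded sizes:  ", sorted(distinct_sizes(samples, padded=True)))   # one value
    entry = pad_entry(b"hunter2\n")
    assert unpad_entry(entry) == b"hunter2\n"
```

With this layout, every password from 0 to 62 characters maps to the same 64-byte plaintext and therefore the same ciphertext size; longer passwords step up to the next 128-byte bucket, so the size still leaks a coarse upper bound on length, which is the trade-off of bucketing rather than padding everything to one maximum size. As the post notes, the entry is no longer plain text, so `pass show` style tooling would have to know to strip the trailer.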
