Pass is a great tool, but something it lacks is the ability to handle obscured directory names and usernames. This is a concern because having that information gives reasonable suspicion that the user has access to that account. A user can circumvent this problem by giving the directories and files random names, but then they have to remember what each randomly-named file is for, and as the pass list grows this becomes increasingly tedious.

My proposal is to let pass handle this by obscuring directory names and password files with random data, and creating an encrypted index file which translates user-friendly names into the encrypted file and directory names. To illustrate:

##############################################
$ pass show GLITTAH/contact/openmailbox
notMyRealPassword1234

$ ls -R ~/.password-store
~/.password-store:
index.gpg    YT5OD2llmAQCsAUQfFhyUNgXCV0tvvrP

~/.password-store/YT5OD2llmAQCsAUQfFhyUNgXCV0tvvrP:
3OhJzF8JZjy6pvV5mzCKTFVE731H0vKU

~/.password-store/YT5OD2llmAQCsAUQfFhyUNgXCV0tvvrP/3OhJzF8JZjy6pvV5mzCKTFVE731H0vKU:
j425B7eiSu5mm1tL8WTvvqGr2dGfJtjf.gpg
###############################################


What would happen when you use pass:
1. pass decrypts the index file (say, ~/.password-store/index.gpg)
2. pass finds the entries for the directories GLITTAH and contact, and the entry for openmailbox
3. pass decrypts the obscured filename with the crypto password provided by gpg-agent
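The index translation in the three steps above, as an added example that is not part of this proposal or of pass itself: the `ObscuredStore` class, its `resolve()` method and the nested-dict layout of the index are assumptions, and encrypting the index is left to gpg (where pass already does it) rather than re-implemented.

```python
import json
import secrets
import string
from pathlib import Path
from typing import Optional

ALPHABET = string.ascii_letters + string.digits
NAME_LEN = 32  # same length as the random names in the listing above


def random_name() -> str:
    """Unguessable name for one directory or one password file."""
    return "".join(secrets.choice(ALPHABET) for _ in range(NAME_LEN))


class ObscuredStore:
    """Translates friendly paths such as GLITTAH/contact/openmailbox.

    self.index is the decrypted content of index.gpg, a nested dict
    {friendly_name: {"name": obscured_name, "children": {...}}}.  Encrypting
    it is gpg's job, as for every other file in the store; index_bytes()
    is the plaintext gpg would turn into index.gpg.
    """

    def __init__(self, root: Path, index: Optional[dict] = None):
        self.root = root
        self.index = index if index is not None else {}

    def resolve(self, friendly: str, create: bool = False) -> Path:
        """Obscured on-disk .gpg path for a friendly path.  A lookup
        (create=False) raises KeyError for unknown names, so a mistyped
        `pass show` can never silently add a new random entry."""
        node = self.index
        obscured = []
        for part in friendly.strip("/").split("/"):
            entry = node.get(part)
            if entry is None:
                if not create:
                    raise KeyError(friendly)
                entry = node[part] = {"name": random_name(), "children": {}}
            obscured.append(entry["name"])
            node = entry["children"]
        *dirs, leaf = obscured
        return self.root.joinpath(*dirs, leaf + ".gpg")

    def index_bytes(self) -> bytes:
        return json.dumps(self.index, sort_keys=True).encode()

    @classmethod
    def from_index_bytes(cls, root: Path, data: bytes) -> "ObscuredStore":
        return cls(root, json.loads(data.decode()))
```

Note what the `ls -R` listing above still shows even with random names: the depth of the tree and the number of entries per directory stay visible on disk, so only the names are hidden, not the shape of the store.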

One weak link in this is the shell history file, so perhaps pass could also have an option for purging all pass usage from .bash_history or .zhistory.


Thanks for your time!
_______________________________________________
Password-Store mailing list
[email protected]
http://lists.zx2c4.com/mailman/listinfo/password-store