Now it picks out automatically which gpg encryption to use, based on the presence of the file .gpg-id
On the init command, if no gpg-id is given as argument, then no .gpg-id file will be created, and the rest will always be symmetric encryption/decryption. If one (or more) gpg-id are given on init, a .gpg-id file will be created and everything will be same as before (symmetric encryption/decryption). Check it out here: https://github.com/dashohoxha/password-store/commits/master I have tested it, and it works well for me. Cheers, Dashamir On Tue, Jan 26, 2016 at 5:52 PM, Allan Odgaard <[email protected]> wrote: > On 26 Jan 2016, at 23:03, Matthieu Weber wrote: > > On Tue 26.01.2016 at 10:14:46PM +0700, Allan Odgaard wrote: >> >>> Furthermore, even with a 12 byte passphrase, it is user generated, >>> so it is unlikely to be truly random, which decrease the search >>> space (often significantly). >>> >> >> http://world.std.com/~reinhold/diceware.html solves that problem. >> > > This is basically suggesting 25-30 throws of the dice for a truly random > password resulting in 65-77 bit keys: log2((6^5)^5) > > The “dicelist” is there to make it possible for people to remember a 65-77 > bit random number, but good luck convincing people to use this scheme and > also to have them generate a new passphrase for each new application. > > So in practice, I think asymmetric encryption is the better/stronger >>> choice. >>> >> >> You only displace the problem, by having to protect your private key >> with a passphrase. >> > > Which is still better since an attacker will need to steal your key before > they can brute-force your passphrase, and if you are worried about this, > you can move the key to a physical token, so now this physical token needs > to be stolen for someone to decrypt your files, and this physical token can > have its own security requiring specialized tools in order to break them. > > _______________________________________________ > Password-Store mailing list > [email protected] > http://lists.zx2c4.com/mailman/listinfo/password-store >
_______________________________________________ Password-Store mailing list [email protected] http://lists.zx2c4.com/mailman/listinfo/password-store
