On Fri, Jan 29, 2016 at 5:11 PM, Kevin Lyda <[email protected]> wrote:
> On Fri, Jan 29, 2016 at 3:16 PM Dashamir Hoxha <[email protected]>
> wrote:
>
>> On Fri, Jan 29, 2016 at 11:16 AM, Kevin Lyda <[email protected]>
>> wrote:
>>
>>> I have no idea why you want to do this since your shell already has
>>> completion. Not sure of the win here.
>>>
>> I want to ask user for the passphrase only once, save it in a variable,
>>
>
> I'll admit it, I lied. I guessed you were going to do something like that.
>
> Just so I can sleep at night with a clean conscience, you're aware that is
> a horribly bad idea to do, yes? There's a good chance your password could
> end up in a swap file or in a core file. A root user can just do "ps
> auxwwe". And I assume you're passing that password in via the command line
> so a well timed ps by *any* user will get your password.
>

No, I am not a security expert, so I am not aware of it. But it doesn't seem so terrible to me. I think that the chances for getting it by `ps auxwwe` are very low. Especially if you are the only user of the system. But in the end the users can choose for themselves what is the right tradeoff between the security and convenience.

>
> And generally all these issues are why symmetric encryption is a terrible
> idea for this.
>

But maybe the core dump or swap file issue applies to gpg-agent as well...

>
> I get that you really want to do it. Just... it's a bad idea.
>

It is almost finished now, so I am not sure whether I should abandon it or not. Thanks for your help and feedback anyway.

Dashamir
_______________________________________________
Password-Store mailing list
[email protected]
http://lists.zx2c4.com/mailman/listinfo/password-store
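
Added example, not part of the original thread or of password-store: a Linux shell check of the exposure discussed above, showing through which channel a passphrase handed to a child process can be read from outside that process. The passphrase value, the `stand-in` child and the function names `spawn` and `exposure` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Linux only: it reads /proc.
# SECRET is a constructed value; "sh -c ... stand-in" is a hypothetical
# stand-in for whatever program would consume the passphrase.
SECRET='constructed-passphrase-4711'

# Start the stand-in child, handing it SECRET through channel $1, and set
# CHILD to its PID once it has exec'd (its cmdline then holds "stand-in").
spawn() {
    case "$1" in
        argv)  sh -c 'sleep 3; :' stand-in "$SECRET" >/dev/null 2>&1 & ;;
        env)   PASS="$SECRET" sh -c 'sleep 3; :' stand-in >/dev/null 2>&1 & ;;
        # printf is a shell builtin, so SECRET never enters an argv here.
        stdin) printf '%s\n' "$SECRET" |
                   sh -c 'read -r p; sleep 3; :' stand-in >/dev/null 2>&1 & ;;
        *)     return 2 ;;
    esac
    CHILD=$!
    tries=0
    until tr '\0' ' ' 2>/dev/null < "/proc/$CHILD/cmdline" | grep -q stand-in; do
        tries=$((tries + 1)); [ "$tries" -lt 50 ] || return 1
        sleep 0.1
    done
}

# Print where SECRET can be read from outside the child process:
# "cmdline" (what ps shows to every user), "environ" (what "ps e" shows to
# the owner and root), or "none" (it lives only in process memory).
exposure() {
    spawn "$1" || return 1
    found=''
    for f in cmdline environ; do
        if tr '\0' '\n' < "/proc/$CHILD/$f" | grep -qF -- "$SECRET"; then
            found="${found:+$found }$f"
        fi
    done
    kill "$CHILD" 2>/dev/null || true
    echo "${found:-none}"
}

for mode in argv env stdin; do
    printf '%-5s -> %s\n' "$mode" "$(exposure "$mode")"
done
```

A result of `none` only means the value is absent from the process listing; it still sits in the child's memory, which is where the swap file and core file concerns raised in the thread apply.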
