On 2017-05-07 12:23, Andrew David Wong wrote:
> On 2017-05-07 11:33, nickl...@kulinacs.com wrote:
>> On May 7, 2017 10:39:22 AM CDT, Andrew David Wong <a...@qubes-os.org> wrote:
>>> On 2017-05-07 10:32, nickl...@kulinacs.com wrote:
>>>> On May 7, 2017 10:23:54 AM CDT, Andrew David Wong <a...@qubes-os.org> wrote:
>>>>> On 2017-05-07 10:10, nickl...@kulinacs.com wrote:
>>>>>> What benefit does this have over simply using qubes-split-gpg-client-wrapper, like done here: https://github.com/kulinacs/pass-qubes It seems like a lot of overhead for not a lot of gain.
>>>>>>
>>>>>> On May 7, 2017 9:50:26 AM CDT, "Manuel Amador (Rudd-O)" <rud...@rudd-o.com> wrote:
>>>>>>> Building on the excellent pass (https://passwordstore.org), it gives me great pleasure to announce the initial release of qubes-pass — an inter-VM password manager and store for Qubes OS.
>>>>>>>
>>>>>>> Check it out here!
>>>>>>>
>>>>>>> https://github.com/Rudd-O/qubes-pass
>>>>>
>>>>> What are the advantages of either of these over the traditional Qubes model of having a normal password manager in a vault VM and using the inter-VM clipboard to copy/paste passwords out of it?
>>>>
>>>> I prefer Pass because it uses GPG for encryption, meaning I can manage fewer secrets overall (as it backends into my normal GPG key) and then track my password files in git. To do this with the traditional Keepass method, you either need to back up the password database somewhere secure or remember another password for it.
>>>
>>> Why not just back up the entire vault with qvm-backup?
>>
>> Git has less storage overhead (as you're backing up a bunch of text files, not an entire VM), allows proper versioning, so it is trivial to see your passwords at a point in time, and can be used cross-platform if you choose to keep your GPG key on another system.
>
> I prefer the security of qvm-backup[-restore], since it allows me to keep the vault and its contents permanently offline. The entire VM is BZIP compressed, AES-256 encrypted, and HMAC-SHA512 authenticated. The integrity verification, authentication, and decryption all happen at the dom0 level. The backup is tiny, so the storage overhead is inconsequential, and there's no need to worry about file-level metadata leakage or the backup file itself being used as an attack vector. KeePassX has sufficient built-in versioning for me, and it's easy enough to sync Qubes backups across machines with simple scripts.
>
> With this setup, considerations like "managing fewer secrets" seem out of place. I only have to manage three secrets:
>
> 1. LUKS passphrase
> 2. Backup passphrase
> 3. Screen locker passphrase

I should add that using the same passphrase for (some subset of) 1, 2, and 3 would arguably be a very reasonable trade-off between security and convenience for most users (i.e., a likely negligible drop in security for a significant gain in the form of having to remember fewer things).

> Managing these three allows me to have an arbitrary number of additional secrets in VMs without having to remember anything else. I can't replace 1, 2, or 3 with my PGP key(s), because my PGP key(s) are inside my PGP VM, which I can't access except via 1, 2, or 3. But that's by design. I wouldn't want to make that replacement even if I could, since I wouldn't want an attacker who gains access to my (one of my) PGP (sub)key(s) to have access equivalent to 1, 2, or 3. I also wouldn't want to use my (import) PGP keys on any non-Qubes systems, since that would likely defeat the purpose of protecting them via Split GPG.

-- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
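The verify-before-decrypt ordering Andrew describes for qvm-backup (AES-256 encryption with the HMAC-SHA512 tag checked in dom0 before anything is decrypted), as an added Go example that is not from the thread or from the Qubes project: it uses a constructed container layout rather than qvm-backup's real format, leaves out the bzip2 step, and assumes the two 32-byte keys already come from a proper passphrase KDF.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha512"
	"errors"
)

// Constructed stand-in (not qvm-backup's real format): AES-256-CTR, then HMAC-SHA512
// over iv||ciphertext; layout iv(16)||ct||tag(64). Keys assumed to come from a proper KDF.
func Seal(encKey, macKey, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(encKey) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	n := aes.BlockSize + len(plaintext)
	out := make([]byte, n+sha512.Size)
	if _, err := rand.Read(out[:aes.BlockSize]); err != nil { // fresh random IV
		return nil, err
	}
	cipher.NewCTR(block, out[:aes.BlockSize]).XORKeyStream(out[aes.BlockSize:n], plaintext)
	mac := hmac.New(sha512.New, macKey) // MAC covers IV and ciphertext, never plaintext
	mac.Write(out[:n])
	copy(out[n:], mac.Sum(nil))
	return out, nil
}

// Open checks the tag before any decryption, so a tampered or truncated file is
// rejected without the decrypt/decompress path ever running on attacker-controlled bytes.
func Open(encKey, macKey, container []byte) ([]byte, error) {
	if len(container) < aes.BlockSize+sha512.Size {
		return nil, errors.New("container too short")
	}
	n := len(container) - sha512.Size
	mac := hmac.New(sha512.New, macKey)
	mac.Write(container[:n])
	if !hmac.Equal(container[n:], mac.Sum(nil)) { // constant-time compare
		return nil, errors.New("HMAC-SHA512 mismatch: refusing to decrypt")
	}
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	plain := make([]byte, n-aes.BlockSize)
	cipher.NewCTR(block, container[:aes.BlockSize]).XORKeyStream(plain, container[aes.BlockSize:n])
	return plain, nil
}
```

The point of the split keys and the tag-first check is that a corrupted or modified backup file fails closed at the integrity step; nothing downstream ever parses it.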