Wow I can’t suppress my excitement to know and use this management tool: , developed by the same author of wireguard!

It’s highly style.

passwordstore.org/

@dist @mdrights If we're talking gui, I have no complaints with keepassx. But a terminal password manager is interesting! I never even thought about a keepass cli! That might exist too and I didn't even know it. Sorry. I'm drinking.

@DCLXVI @dist

There’s keepassxc-cli, which I had given a try. But it can only send the secret to the clipboard, which hindered me from using it from a real CLI. 😂

@mdrights
It's definitely a well respected choice. But after I learn more about security, I'm kind of concerned about its security defenses (against local attacks), such as memory safety or so. At least it hasn't undergone any security audits which might be vital for such a sensitive program 🤔

@mdrights you didn't know about pass? I'm surprised :)

@mdrights

If it doesn't offer keyfile + masterpassword function, I'll give it a pass 😐

I likes me a beefy keyfile in addition to masterpass.

@duckhp
You are right. I also found that it doesn’t seem to support encryption from a #subkey. I have to use my password store from where my master #pgp keys are available. Sounds not elegant.

BTW, , Should I leave my master secret key on my daily machine and use it to encrypt or sign?

> it doesn’t seem to support encryption from a #subkey. I have to use my password store from where my master #pgp keys are available. Sounds not elegant.

What? I’ve been using pass for years and it uses my encryption subkey just fine. I’ve also migrated encryption subkeys and pass rotated secrets just fine (with pass init IIRC).

> Should I leave my master secret key on my daily machine and use it to encrypt or sign?

No. Leave the master secret key on your offline computer (what? you don’t have one? Give back your paranoid nerd club card! ;) ) and the subkeys of course need to be in a tamper-resistant hardware security module (e.g. Yubikeys).

Do not accept compromise! Ultimate security or nothing! ;)

I did exaggerate a little bit but I’m using pass with the same exact setup as above and it really works great :) Have a nice evening!

I fear PGP key encryption is not strong enough for critical passwords nowadays, as it used old-style pbkdf2, which is impossible? to tune to be resistant enough. Am I wrong?
Fosstodon

Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.