Wow I can’t suppress my excitement to know and use this #password management tool: #pass, developed by the same author of wireguard!
It’s highly #UNIX style.
@mdrights
It's definitely a well respected choice. But after I learn more about security, I'm kind of concerned about it's security defenses (against local attacks), such as memory safety or so. At least it hasn't undergone any security audits which might be vital for such a sensitive program 🤔
@mdrights you didn't know about pass? I'm surprised :)
🇳🇴🍺
If it doesn't offer keyfile + masterpassword function, I'll give it a pass 😐
I likes me a beefy keyfile in addition to masterpass.
@duckhp
You are right. i also found that it seems doesn’t support the encryption from a #subkey. I have to use my password store from where my master #pgp keys are available. Sounds not elegant.
BTW, #askfediverse , Should i leave my master secret key on my daily machine and use it to encrypt or sign?
> it seems doesn’t support the encryption from a #subkey. I have to use my password store from where my master #pgp keys are available. Sounds not elegant.
What? I’m using pass for years and it uses my encryption subkey just fine. I’ve also migrated encryption subkeys and pass rotated secrets just fine (with pass init IIRC).
> Should i leave my master secret key on my daily machine and use it to encrypt or sign?
No. Leave the master secret key on your offline computer (what? you don’t have one? Give back your paranoid nerd club card! ;) ) and the subkeys of course need to be in a tamper-resistant hardware security module (e.g. Yubikeys).
Do not accept compromise! Ultimate security or nothing! ;)
I did exaggerate a little bit but I’m using pass with the same exact setup as above and it really works great :) Have a nice evening!
@mdrights wait, is this a terminal password manager?