
List:       password-store
Subject:    Re: [PATCH] Document known limitations
From:       HacKan <hackan () gmail ! com>
Date:       2017-02-24 21:33:45
Message-ID: 5b775194-e9f6-7ea3-0c13-6d3861408c0c () gmail ! com


Is it me, or is the patch incomplete? "makes it trivial to compute the
length of the" (!)


On 02/24/2017 12:02 PM, Thibault Polge wrote:
> This patch adds a "Known Limitations" section near the end of the man
> page.  It briefly documents two properties of pass:
>
>  1. That the folder structure is not encrypted at all, but only the
>     contents of password files;
>  2. That the encryption system makes it trivial to compute the size of
>     clear text from the encrypted data.
>
> Although these limitations are obvious (for the first one) or not really
> problematic (for the second), I believe they deserve to be documented.
> Since pass aims to follow the "Unix philosophy" of "do one thing and do
> it well", the exact range of the uses it may be put to beyond password
> management can't be guessed /a priori/; and thus the documentation
> should make it clear what the program is designed to do, and what
> it isn't.
>
> Best regards,
> Thibault
>
> ---
>  man/pass.1 | 7 +++++++
>  1 file changed, 7 insertions(+)
>
> diff --git a/man/pass.1 b/man/pass.1
> index 71bfc7e..fee19b5 100644
> --- a/man/pass.1
> +++ b/man/pass.1
> @@ -462,6 +462,13 @@ The \fBinit\fP command will keep signatures of \fB.gpg-id\fP files up to date.
>  .TP
>  .I EDITOR
>  The location of the text editor used by \fBedit\fP.
> +.SH KNOWN LIMITATIONS
> +The hierarchy of password names is stored as a plain text folder
> +structure. Pass itself does nothing to conceal the names you give to
> +your keys or to the folder structure which contains them.
> +
> +Pass also does nothing to hide the size of the data it encrypts. The
> +design of OpenPGP makes it trivial to compute the length of the
>  .SH SEE ALSO
>  .BR gpg2 (1),
>  .BR tr (1),
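Review bot: The last added line, "design of OpenPGP makes it trivial to compute the length of the", stops mid-sentence and runs straight into ".SH SEE ALSO", so the rendered man page would show a truncated paragraph. Finish the sentence before this is applied; the cover text describes the point as computing the size of the clear text from the encrypted data. The empty "+" line between the two new paragraphs would also read better as an explicit ".PP" macro, the usual way to separate paragraphs in man page source.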
> --
> 2.11.0
> _______________________________________________
> Password-Store mailing list
> Password-Store@lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/password-store

-- 
HacKan || Iván
GPG: 0x35710D312FDE468B
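
Added example, not part of the original message or of pass: the second limitation in the quoted patch description, shown by reading only OpenPGP packet headers with no key material. It assumes RFC 4880 framing with a version 1 encrypted-and-integrity-protected data packet (tag 18) and a 16-byte-block cipher; the function names and the zero-filled sample message are constructed for illustration.

```python
# Added example: what OpenPGP packet framing reveals without any key.
# Assumes RFC 4880 SEIPD v1 (tag 18) and a 16-byte-block cipher such as AES.

def read_header(buf, pos):
    """Return (tag, body_start, body_len) for the packet starting at pos."""
    first = buf[pos]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet header")
    if first & 0x40:                                  # new-format header
        tag, o1 = first & 0x3F, buf[pos + 1]
        if o1 < 192:
            return tag, pos + 2, o1
        if o1 < 224:
            return tag, pos + 3, ((o1 - 192) << 8) + buf[pos + 2] + 192
        if o1 == 255:
            return tag, pos + 6, int.from_bytes(buf[pos + 2:pos + 6], "big")
        raise ValueError("partial body lengths are not handled here")
    tag, ltype = (first >> 2) & 0x0F, first & 0x03    # old-format header
    if ltype == 3:
        raise ValueError("indeterminate lengths are not handled here")
    n = 1 << ltype                                    # 1, 2 or 4 length octets
    return tag, pos + 1 + n, int.from_bytes(buf[pos + 1:pos + 1 + n], "big")

# Version octet, block-size + 2 CFB prefix, 22-byte MDC packet.
SEIPD_OVERHEAD = 1 + (16 + 2) + 22

def leaked_inner_length(message):
    """Size of the encrypted inner packet stream, read from headers only."""
    pos = 0
    while pos < len(message):
        tag, start, length = read_header(message, pos)
        if tag == 18:
            return length - SEIPD_OVERHEAD
        pos = start + length                          # skip e.g. tag 1 (PKESK)
    raise ValueError("no tag 18 packet found")

def constructed_message(inner_len):
    """Constructed stand-in for a .gpg file: zero bytes, real framing only."""
    pkesk = bytes([0x84, 12]) + bytes(12)             # old format, tag 1
    body = bytes(SEIPD_OVERHEAD + inner_len)          # must stay below 192
    return pkesk + bytes([0xC0 | 18, len(body)]) + body

if __name__ == "__main__":
    for n in (20, 52):
        print(n, "->", leaked_inner_length(constructed_message(n)))
```

The value returned is the size of the inner packet stream (a literal or compressed data packet wrapping the entry), not the clear text itself, so it is a close indicator of entry size rather than an exact password length.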




