I guess it's an issue if you're storing the repository in github or backing it up without additional encryption, but I suspect that's not how most people are using it anyway.
As long as you understand its limitations pass is nice precisely because it's simple and basically just a wrapper around git + gnupg.
In comparison, most cloud password managers don't have these specific issues, but they are also very likely less secure in other ways.
>I guess it's an issue if you're storing the repository in github or backing it up without additional encryption, but I suspect that's not how most people are using it anyway.
How are people using pass then? Do they only keep one copy of their password database on their computer? Are they manually copying loose files between their devices?
You do not need a "hosted" git environment to keep a repo in a central location; a simple Unix account is enough.
I just use ctmg authored by the same guy and a simple script to open and close both. If you want, you can then throw this anywhere.
The authors recommends KeepassXC instead.
There are also already command line KeePass utilities, like passhole [0] (mine) and keepassxc-cli.
[0]: https://github.com/evidlo/passhole [1]: https://keepassxc.org/docs/KeePassXC_UserGuide.html
What's the percentage of end-user Unix systems with Git installed?
What's the percentage of KeePass stores that can be used without X?
What's the percentage of pass stores that can be used without Git?
Why is that? Unix != lack of UI (NeXT, Solaris, any Unix descendant with a port of CDE), and being GUI first doesn't matter if there is good CLI support.
It's a smallish (<1k loc) wrapper script around GPG, a tool basically omnipresent, and passwords are saved in an hierarchy as regular files. Essentially it integrates well in the existent ecosystem and is easy to extend.
> replace the contents of ./Personal/malicious-site.com with the contents of ./Work/id_ed25519
then it's pretty much game over anyway.
2. if that's "game over anyway", you might as well store your passwords in an unencrypted .txt file :^)
I install my password manager's desktop/mobile apps so I can have an offline store of my password data. This provides a backup of the data in case their servers are down or otherwise inaccessible.
I wish the CLI has similar functionality.
Pass (and gopass, and all the derivatives of the same idea) is not the best personal password store (for that KeePassXC and similars might be better) but coupled with git gives a technical team a way to share passwords in a more or less secure way on rest.
AFAIK KeePassXC don't give a way of automating merge of different versions of the password store (for that the granularity provided by git and the pass format is better), so modifying the keys by a team is an exercise of coordination, and have one global master key that implies an all-or-nothing approach.
And being built over time tested technology in a simple enough way is another feature. It is a simple bash script taking advantage of gpg and git, not a complex piece of software that should be audited with each security update.
Of course that the computers taking part should be trusted, if the personal computer of any of the people with access to the keys is compromised, or where you store your git repository, it might not be so safe, but probably you should worry about bigger problems.
You might already know about the Merge feature in general, but, curtosy of GHacks[1]:
> KeePass' synchronization algorithm merges matching entry levels when sync is invoked. The application uses the last modification date as the main data point when deciding about the recency of entries. KeePass keeps track of it automatically whenever an entry is added or modified.
> The application uses its history feature when it merges entries. Assume that the same login is available in two databases, but with different passwords. KeePass will merge these and set the most recent username and password as the default after the sync process completes. All other entries are stored in the history, so that they are not lost and may be accessed when the need arises.
I bet one could argue that this is at least as automated as a merge commit, which I wouldn't expect to run truly automatically anyways (ie. as a commit or ci hook without any other user input).
1: https://www.ghacks.net/2022/03/25/how-to-merge-two-keepass-d...
—————
Active Attack:
1. Adversary replaces the contents of ./Personal/malicious-site.com with the contents of ./Work/id_ed25519
2. Victim decrypts ./Personal/malicious-site.com and the decrypted contents is placed in her clipboard automatically.
3. Victim logs into malicious-site.com.
The victim just uploaded her work SSH private key to malicious-site.com
————
If the attacker is on the victim’s machine and has access to the ssh private key (“id_ed25519”), wouldn’t they just upload it directly to malicious-site.com via curl or whatever? Why this whole rigamarole?
If someone is on your machine doing arbitrary things what software can reasonably protect you? Even Signal would fail.
The attack works when the user doesn’t realize they’re sending their SHH private key through the password form of malicious-site.com.
Something like accidentally putting your Google password into the Dropbox login form. Dropbox have now seen your Google password.
Also, they don’t need any password to encrypt the file, pass uses gpg encryption so they can just use the public key which will be sitting somewhere nearby.
The author of Age has ported Pass to use Age as the encryption scheme if one needs a modern solution.
As for reading the directory structure, you don't have to put your passwords in a directory structure and just do security by obscurity.... But, if some has access to my local machine, I have bigger issues.
It is a tool trying to securely manage keys in an insecure environment, and even offloading some parts (such as to a yubikey) doesn't make it any easier to use.
Genuinely curious as to what other tools. I don't find PGP terribly too complex to setup or manage.
> It is a tool trying to securely manage keys in an insecure environment
I mean, yea. Isn't that every encryption tool on someone's local machine?
I created "passable" to do what I believe is a bit better (IMHO) for command line usage: symmetric encryption, and files do not use any particular in-the-clear directory structure.
The code is POSIX shell, short,and easy to audit. MIT & Apache & GPL license. Constructive feedback welcome.
Prefer just a simple MIT over GPL (and properly license your repo on Github)
Unit tests
Build it with CI/CD
Releases with tags
Available on a package manager (brew/apt/...)
> Prefer just a simple MIT over GPL
Done. I added MIT or Apache-2.0 or GPL-2.0-or-later.
> properly license your repo on Github
Done. I added LICENSE.md file with SPDX links.
> Unit tests
Done. I added example tests. Do you have a preferred POSIX shell script unit test approach?
> And more...
Good ideas, all of them. I'll add your ideas to a new TODO section.
Thank you so much!
I had to briefly pause reading there, as the word "90ties" is a horror show itself.
Ninety-ties? Ninetittys?
Seems there's work going towards, or at least the idea is being explored, adding PQC to OpenPGP.
https://www.ietf.org/id/draft-wussler-openpgp-pqc-00.html
https://datatracker.ietf.org/meeting/113/materials/slides-11...
>If you insist on using Pass, I highly recommend using a separate PGP key just for Pass.
Will guess that's how most people use it already. Separating keys for usage is afterall something core in PGP.
gpg: WARNING: encrypted message has been manipulated!
In another part of the article it is mentioned that an attacker can entirely replace a particular password file ("No authentication of values") which makes the PGP malleability stuff irrelevant. So we are maximizing the number of listed issues here. Note that pass will sign the password files if configured to do so which makes this issue go away.
- A password book can be lost if you bring it with you somewhere
- If you don’t bring it with you and you suddenly need to log in to something while you are not at home, you are out of luck
- There is no protection if the book is stolen. Now someone has all of your passwords.
- If your house burns down, do you have a backup of the book?
- Someone can shoulder surf you when you use the book in public and you might not even realise
- If your computer or phone is hacked they can wait until the next time you type the password for some service on the device and steal it then anyways
* Yes, symmetric encryption is better than the asymmetric encryption in terms of resistance to brute force attacks. However, as soon as you type in the password in a login page, it will be protected by an asymmetric encryption in TLS. All data in transit is protected by asymmetric encryption, often RSA 2048.
On the other hand, asymmetric encryption is better than symmetric encryption in that it doesn’t need the private key for encrypting a password. This reduces the exposure of the private key.
* The fact that the file names may not be encrypted is part of the appeal. In exchange, you get: passwords live in sort of their own sandbox environments. If the local machine is compromised, while a password is read, other passwords are not affected (see the next item on smart cards).
This is great: with a single-database, as you frequently extract unimportant passwords, your important passwords, say your bank account password, is decrypted too, and at risk. Further, with a single database, it’s difficult to frequently type in the master password; so the database is usually unlocked in local machine, with all passwords loaded in RAM.
* A GPG key can be put in a smart card. Every touch of the Yubikey gives up only one password.
* There are many password managers with self- rolled cryptography. The code has very rarely been audited, even for keepassxc. A lot of code is involved, with GUIs, complex databases, apps, and plug-ins. You want to outsource the cryptography to a well audited codebase. OpenPGP and GPG have been throughly reviewed.
Pass is a simple short bash script that you can actually audit it yourself. That’s very important to security.
* The directory can be encrypted by a wrapper, see gopass and similar.
* GPG 2.3 has introduced AEAD modes, such as ChaCha-Poly. So there is now authenticated encryption (there is MDC which is outdated). You could also sign the encryption, which is a proper authentication.
There are also newer tools such as Passage using Age encryption (though some tools such as agent is missing). Passage uses PIV applet of the Yubikey, so you can have multiple keys.
* Symmeyric encryption allows for 256 bits of security. In practice, it’s difficult to frequently type in and rotate such key. People use much weaker passwords. You can use a key file, but that’s plaintext in local system.
* The secrets have to be entered by command line a lot of times. Pass works great with piping etc.
I strongly suggest using a Yubikey with Pass or passage. You get strong security conveniently with a weak PIN code.
My understanding is that the current authenticated mode (what I like to call OCFB-MDC for OpenPGP Cipher Feed Back, Modification Detection Code) is secure. There is no evidence that the proposed authenticated modes are any better, other than perhaps for higher performance in the case of OCB mode. I wrote a rambling editorial about the idea that the current mode should be replaced:
Edit: just noticed they recommend KeePass at the end. Damn I'm good.