Password Managers: The Case Against GNU pass (feat gpg)
Автор: Spectra Secure
Загружено: Nov 29, 2021
Просмотров: 3,506 views
Let's discuss two issues with the Linux command line password manager called GNU pass. I'm going to be talking about issues to do with insufficient security with regard to encryption at rest.
The commands I ran to export my key are as follows:
gpg --list-keys
gpg --output /tmp/secret-key.gpg --export-secret-key 0xYOURKEYHERE
gpg --list-packets /tmp/secret-key.gpg
My output in the video for gpg list keys might be a little bit different from yours because I have gpg configured to use longform key IDs, since that's a best practice: https://riseup.net/en/security/messag...
Links to items discussed in video:
gnu pass - https://www.passwordstore.org/
pass-tomb - https://github.com/roddhjav/pass-tomb
RFC4880 Standards - https://datatracker.ietf.org/doc/html...
Stack overflow discussing the s2k settings issue - https://security.stackexchange.com/qu...
gpg issue tracker for the s2k settings issue - https://dev.gnupg.org/T1800
KeePassXC (use this instead of pass) - https://keepassxc.org/
---
Licensed model assets in use:
https://booth.pm/en/items/2245240
https://booth.pm/en/items/2660550
Доступные форматы для скачивания:
Скачать видео mp4
-
Информация по загрузке:
