Privacy

34773 readers

303 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

Question about the 'pass' password manager (lemmy.ml)

submitted 1 week ago* (last edited 1 week ago) by grumt@lemmy.ml to c/privacy@lemmy.ml

23 comments fedilink hide all child comments

So, I've been using keepassxc for some time now, but I wanted a viable alternative for command line usage (there is keepassxc-cli, that I use, but it is really a pain in the ass). So, I searched and found pass and gopass.

However, I've seen that they store each entry in a gpg encrypted file, inside a plain directory hierarchy. And, don't get me wrong, I believe that there are use cases for this, but if someone got their hands in your password_store, they would know every single login that you have (the only information that is protected is the password, or whatever is in the gpg file).

So, my question is, there is a password manager, cli based, that encrypts the whole database, and not the single entries?

Update: there is a pass extension made specifically to address this issue

you are viewing a single comment's thread
view the rest of the comments

[–] Arkhive@lemmy.blahaj.zone 3 points 5 days ago

I use Unix pass and KeePassXC before that. When I was switching I shared the concern of the names and structure of my passwords . A couple things convinced me it was fine.

First: It’s an arbitrary folder structure. You can name the folders whatever you want. Same is true for individual files. There is a field you can populate with the url the password is for, and when using browser extensions, or a mobile Unix pass manager, they use this field to check which password to offer, so the name of the encrypted file can be anything and so I often name them seemingly random things.

Second: how I chose to sync them made it kind of a non-issue. Some people literally store their password store folder on GitHub. This freaked me out a bit for the reason you are concerned, people even knowing the names of my files. The solution was to self host a git repo on my home LAN and then using Tailscale sync my devices to it from anywhere. Could also be done with syncthing, but the mobile app I use has git functionality built in. This way none of my files even touch the clear net, so I worry a lot less about people knowing the names of my passwords.