| 1 |
On 3/2/23 9:53 PM, efeizbudak wrote: |
| 2 |
> Doesn't this sort of defeat the purpose of using pass? I mean if it's |
| 3 |
> always decryptable then is it really useful to have it encrypted in the |
| 4 |
> first place (assuming you have full disk encryption set up)? I may be |
| 5 |
> missing something crucial here so please let me know. |
| 6 |
|
| 7 |
There is value in not having a password in clear text on a file system. |
| 8 |
|
| 9 |
It really depends on what your trying to protect from / against. |
| 10 |
|
| 11 |
> Grant: |
| 12 |
> |
| 13 |
> This seems like the lesser of all evils to me. As I understand, you're |
| 14 |
> suggesting that I lend the email password to the daemon at start and |
| 15 |
> only have that password stored in memory instead of my actual gpg |
| 16 |
> password, is that correct? |
| 17 |
|
| 18 |
I think we're talking about the same thing. |
| 19 |
|
| 20 |
> Again, I may be missing something here, but does having your GPG |
| 21 |
> credentials unprotected offer any real protection? |
| 22 |
|
| 23 |
See my response to your comment / question to Matt. |
| 24 |
|
| 25 |
> I guess this is where I'll eventually be heading towards. |
| 26 |
|
| 27 |
I'm personally looking forward to being able to use TPMv2 to protect |
| 28 |
keys for services running on the system. It requires said services to |
| 29 |
support the TPM. |
| 30 |
|
| 31 |
> By the way, thanks to both of you for your thoughts! |
| 32 |
|
| 33 |
:-) |
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
-- |
| 38 |
Grant. . . . |
| 39 |
unix || die |
Archives