On 3/2/23 9:53 PM, efeizbudak wrote:
> Doesn't this sort of defeat the purpose of using pass? I mean if it's
> always decryptable then is it really useful to have it encrypted in the
> first place (assuming you have full disk encryption set up)? I may be
> missing something crucial here so please let me know.
|
There is value in not having a password in clear text on a file system.

It really depends on what you're trying to protect from / against.
|
> Grant:
>
> This seems like the lesser of all evils to me. As I understand, you're
> suggesting that I lend the email password to the daemon at start and
> only have that password stored in memory instead of my actual gpg
> password, is that correct?
|
I think we're talking about the same thing.

> Again, I may be missing something here, but does having your GPG
> credentials unprotected offer any real protection?

See my response to your comment / question to Matt.
|
> I guess this is where I'll eventually be heading towards.

I'm personally looking forward to being able to use TPMv2 to protect
keys for services running on the system. It requires said services to
support the TPM.

> By the way, thanks to both of you for your thoughts!

:-)
|
--
Grant. . . .
unix || die