this post was submitted on 06 Oct 2024
40 points (97.6% liked)
Linux
48185 readers
1320 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Someone else can confirm but Keepass seems to use symmetric encryption, whereas Pass definitely uses an asymmetric key pair.
This is why I gave up on Pass. Obviously it has its advantages or they wouldn't have done it, but personally I find that this is too much complexity for something as critical as password storage. I want to be able to access the vault with a single memorized master password and nothing else. That is only possible with symmetric encryption.
I'm guessing, they did it this way, because there's no persistent process to keep the decrypted files open. You'd need to ask the user for the password for every single command they run. With GPG, that persistent process is
gpg-agent
.Of course, encryption with a GPG key is also going to be more secure than the longest password you can come up with.
I guess, many people will want access to GPG, too, if they want access to their passwords, so they're not bothered by it.
But yeah, I do also remember setting that up on Android, where you need a separate app to do the GPG, and it really stops feeling simple pretty quickly...
This is not correct as pass uses GPG, and you can do symmetric encryption with it, it is just a different parameter in the command.
You can use a different password per file, or the same one
Citation needed,
man
page says nothing about that. Of course, you can use GPG directly to get symmetric, that is what I chose to do