commit 51f9b6888ce1640c887c308d869c5f716d071430
parent 9b27d7384e22405b109e9c3883ee9d01cfaa89ec
Author: Jason A. Donenfeld <Jason@zx2c4.com>
Date: Tue, 18 Mar 2014 23:05:39 -0600
Do not compress passwords.

According to a forthcoming paper by Alfredo Pironti, OpenPGP compression
can reveal entropy levels. We thus disable compression.

Existing password stores can be reencrypted without compression using
the "--reencrypt" flag for "init".

Reported-by: Alfredo Pironti <alfredo.pironti@inria.fr>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat:
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/password-store.sh b/src/password-store.sh
@@ -8,7 +8,7 @@ umask 077
PREFIX="${PASSWORD_STORE_DIR:-$HOME/.password-store}"
ID="$PREFIX/.gpg-id"
GIT_DIR="${PASSWORD_STORE_GIT:-$PREFIX}/.git"
-GPG_OPTS="--quiet --yes --batch"
+GPG_OPTS="--quiet --yes --batch --compress-algo=none"
export GIT_DIR
export GIT_WORK_TREE="${PASSWORD_STORE_GIT:-$PREFIX}"
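Review bot: The new `GPG_OPTS` line adds `--compress-algo=none` with no comment in the script explaining why, and the diffstat shows only src/password-store.sh changed, so both the rationale and the `init --reencrypt` migration step are recorded only in the commit message. I would add a one-line comment above `GPG_OPTS` stating that compression is disabled because compressed output can reveal password entropy, so the option is not dropped later as an apparent no-op. I would also mention in the user-facing documentation that entries encrypted before this change keep their compressed form until the store is re-encrypted.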