password-store

Simple password manager using gpg and ordinary unix directories
git clone https://git.zx2c4.com/password-store
Log | Files | Refs | README | LICENSE
commit 51f9b6888ce1640c887c308d869c5f716d071430
parent 9b27d7384e22405b109e9c3883ee9d01cfaa89ec
Author: Jason A. Donenfeld <Jason@zx2c4.com>
Date:   Tue, 18 Mar 2014 23:05:39 -0600

Do not compress passwords.

According to a forthcoming paper by Alfredo Pironti, OpenPGP compression
can reveal entropy levels. We thus disable compression.

Existing password stores can be reencrypted without compression using
the "--reencrypt" flag for "init".

Reported-by: Alfredo Pironti <alfredo.pironti@inria.fr>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Diffstat:

Msrc/password-store.sh | 2+-


1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/password-store.sh b/src/password-store.sh
@@ -8,7 +8,7 @@ umask 077
 PREFIX="${PASSWORD_STORE_DIR:-$HOME/.password-store}"
 ID="$PREFIX/.gpg-id"
 GIT_DIR="${PASSWORD_STORE_GIT:-$PREFIX}/.git"
-GPG_OPTS="--quiet --yes --batch"
+GPG_OPTS="--quiet --yes --batch --compress-algo=none"
 
 export GIT_DIR
 export GIT_WORK_TREE="${PASSWORD_STORE_GIT:-$PREFIX}"