
Re: Bug#903815: ITP: pw -- A simple command-line password manager



On Sun, Jul 15, 2018 at 11:31 AM Philipp Kern <pkern@debian.org> wrote:
> On 15.07.2018 10:42, Dashamir Hoxha wrote:
>> Description:
>>   A simple command-line password manager that keeps passwords inside a
>>   gpg encrypted tgz archive. The content of the archive is a directory tree
>>   with a file for each password entry. The first line of the file is the
>>   password, and the rest can optionally be additional or related info.
>>   It provides commands for manipulating the passwords, allowing the user
>>   to add, remove, edit, generate passwords etc.
>>
>> Repository: https://github.com/dashohoxha/pw
>> Documentation: http://dashohoxha.github.io/pw/man/
>>
>> This program started by forking 'pass': http://www.passwordstore.org/
>> I suggested a few changes to it, which were not accepted, so I forked
>> it and made further changes and improvements, until it became a
>> completely different program.
>> See:
>> - https://lists.zx2c4.com/pipermail/password-store/2016-January/001887.html
>> - https://lists.zx2c4.com/pipermail/password-store/2016-January/001902.html
>> - https://lists.zx2c4.com/pipermail/password-store/2016-January/001928.html

> I have to say that I'm pretty unconvinced of this code.
>
> * The archive is temporarily stored unencrypted on disk: encrypt and
> decrypt do an in-place operation with gpg, which is done wherever the
> encrypted archive lives. So tar stores onto disk into the target path,
> then the result is encrypted with gpg and the original is erased using
> rm -rf (also ignoring errors in case the file fails to delete). The
> inverse happens for decryption.
> * Symmetric and asymmetric encryption are not actually exclusive as the
> author makes it sound on the mailing list thread as gpg can wrap the
> session key with both symmetric and asymmetric keys.
> * Error handling in the script is wonky. I wonder if we could end up
> with an actual "rm -rf /" in case mktemp for WORKDIR fails. Errors on
> untar and tar are suppressed...
> * Comments like [0] aren't exactly inspiring either. The quoting in the
> script is "interesting". Sure, maybe you're asking for trouble anyway if
> your home directory contains a space, but this script will break in
> interesting ways. :)

All your assertions/assumptions are wrong.
Either you did not look closely enough at the code, or you are not
an expert on bash scripting (bash is a bit cryptic and difficult
to understand even for experts).

> I did not look at the original code of pass, but I don't find this code
> handling secrets confidence inspiring, to be honest.

Instead of basing your judgment on general opinions, why don't you
try to find any particular situation that will break the script in some
interesting way ;) This is called proof by counter-example.
If you cannot do this, and if nobody else can do this, then you cannot
claim that it is not safe to use this script.

Best regards,
Dashamir Hoxha
 

> Kind regards
> Philipp Kern
>
> [0]
> https://lists.zx2c4.com/pipermail/password-store/2016-January/001932.html
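
The failure classes discussed in this message (a failed mktemp leading into rm -rf, unquoted paths containing spaces, suppressed tar errors, and a plaintext archive on disk), written as a defensive shell pattern. This is an added example, not code from pw or pass; the function names, the `pwdemo.` prefix and `KEYID` are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration, not code from pw or pass; all names are hypothetical.

# Create a private work directory. If mktemp fails, return non-zero so the
# caller stops instead of continuing with an empty path variable.
make_workdir() {
    local dir
    dir=$(mktemp -d "${TMPDIR:-/tmp}/pwdemo.XXXXXXXX") || return 1
    [ -n "$dir" ] && [ -d "$dir" ] || return 1
    chmod 700 "$dir" || return 1
    printf '%s\n' "$dir"
}

# Remove a work directory only if the path has the shape make_workdir
# produces. An empty or unexpected argument is refused, not passed to rm -rf.
remove_workdir() {
    local dir="$1" prefix="${TMPDIR:-/tmp}/pwdemo." suffix
    suffix=${dir#"$prefix"}
    case "$suffix" in
        "$dir"|*/*|'') echo "refusing to remove '$dir'" >&2; return 1 ;;
    esac
    [ "${#suffix}" -eq 8 ] || { echo "refusing to remove '$dir'" >&2; return 1; }
    rm -rf -- "$dir"
}

# Stream <srcdir> as tar.gz through a filter command into <outfile>.
# With gpg as the filter, no plaintext archive is written to disk. tar's
# exit status is passed out on fd 3, so a failure on either side of the
# pipe aborts and the previous <outfile> is left untouched.
pack_through() {  # pack_through <srcdir> <outfile> <filter> [args...]
    local src="$1" out="$2" tmp tar_rc filter_rc
    shift 2
    tmp="$out.new.$$"
    tar_rc=$( { { tar -C "$src" -czf - .; echo "$?" >&3; } | "$@" >"$tmp"; } 3>&1 )
    filter_rc=$?
    if [ "$tar_rc" != 0 ] || [ "$filter_rc" != 0 ]; then
        rm -f -- "$tmp"
        return 1
    fi
    mv -f -- "$tmp" "$out"
}

# Real use (KEYID is a placeholder):
#   pack_through "$workdir" "$HOME/pw archive.tgz.gpg" \
#       gpg --batch --encrypt --recipient KEYID
```

Every expansion is quoted, so a path with a space is handled as one argument. The decrypted tree in the work directory is still plaintext while it exists; only the intermediate archive is avoided here.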
