#PSA: The latest release of #pass 1.7.2 fixed a fairly major security hole: In prior versions, if an attacker could write to your ~/.password-store directory, they could exploit a bug in pass' regex to add a new GPG key, potentially granting access to the passwords.

Though rare, it's worth updating ASAP.

Update here:
passwordstore.org/

NOTE: this bug does *not* impact my #pass-gen project, which remains the most secure way to generate passwords.
github.com/codesections/pass-g

@codesections
@octobyte@tuxspace.net
so you're saying pass-gen generates passwords like

skirt?UNSTEADY?legend?SUPERJET?livable?DINGBAT?507

?
I'd rather type it as st?UY?ld?ST?le?DT?507 because there's less chance of making a typo.
Well, your dictionary is probably bigger than 256 words, so maybe some more variation in case and special chars would be needed to compensate, but still, I prefer using a word as a mnemonic for 1-3 characters rather than typing the whole word.

@Wolf480pl @octobyte Yes, the current pass-gen default dictionary is bigger than 256 words—it's 8,429 :D

So (since the search space grows exponentially) to get the same/better security you'd need 10 words. Would `st?UY?ld?ST?le?DT?ay?PO?tg?LD?507` still be easier to type?

Maybe it would, but I'd think it'd be harder to say and up the odds of typos.

Nevertheless, it's worth thinking about how pass-gen could support the use of mnemonics. I'll put some thought into it for a future version.

@codesections @octobyte@tuxspace.net
st?UY?ld?ST?le?DT?ay?PO?tg?LD?507
is still easier to type I think.
If I want to say it, I say the full words, not just the letters that I type.
Also, I'll probably never want to say it aloud, because then someone other than me could hear it :P
Also, it's easier to get such a password into muscle memory than it is with a password containing full words.

@Wolf480pl @octobyte Hmm, our muscle memory must work differently! I have a much easier time typing out full words that are part of my normal vocabulary than I do typing out (even short) strings of characters that don't form words.

In any event, you've convinced me to add support for some sort of mnemonic-based system. I'll let you know when I've added it.
