So, I’ve been using keepassxc for some time now, but I wanted a viable alternative for command line usage (there is keepassxc-cli, that I use, but it is really a pain in the ass). So, I searched and found pass and gopass.

However, I’ve seen that they store each entry in a gpg encrypted file, inside a plain directory hierarchy. And, don’t get me wrong, I believe that there are use cases for this, but if someone got their hands on your password_store, they would know every single login that you have (the only information that is protected is the password, or whatever is in the gpg file).

So, my question is: is there a password manager, CLI-based, that encrypts the whole database, and not the single entries?

Update: there is a pass extension made specifically to address this issue

  • Xanza@lemm.ee
    2 days ago

    You’re creating wild scenarios off ridiculous supposition instead of dealing with reality.

    If the police come raid your house, they know what you did and are looking for more evidence. The police can’t raid your house if they don’t already have evidence of wrongdoing. It’s called a fuckin’ warrant and they’re not optional (yet).

    > If you’re busted for being an antifascist activist, who the police deems a “terrorist” and you’re also a member of another activist group which up to then wasn’t in the sights of law enforcement, then you’re putting that other activist group’s members in danger.

    If you’re an agent in a “terrorist organization” and you leave your PC completely unencrypted for just anyone to grab, then you deserve to be in jail. lol

    We went from arguing the merits of security through obscurity by ensuring that metadata was obscured through encryption to “LOL THE POLICE ARE GONNA BREAK INTO YOUR HOUSE AND GET AT YOUR DATA ON YOUR TOTALLY UNENCRYPTED HARD DRIVE AND NAIL YOU TO THE FLOOR AND CRUCIFY YOUR FRIENDS!”

    It’s beyond absurdist.

    > You’ve actually only attacked my examples, not my argument.

    Again, your argument is total supposition of a completely imaginary scenario that’s specifically crafted to support your own poor arguments… It has no value at all. That’s why you feel attacked. Because your argument is shit and you can’t back it up without inventing some crazy ass scenario that wouldn’t play out in reality.

    • Prunebutt@slrpnk.net
      2 days ago

      Sorry, homie. I’m not gonna keep arguing with you if you obviously can’t argue without moving the goal posts, if your life depends on it.

      My point still stands: Encrypting metadata can be sensible/necessary for your threat model and does not count as security through obscurity. You have failed to explain how it would be and then started to attack me, personally.

      Have fun misrepresenting this comment as well, bye.

      • Xanza@lemm.ee
        2 days ago

        > Encrypting metadata can be sensible/necessary for your threat model and does not count as security through obscurity. You have failed to explain how it would be.

        I mean, your scenarios here are predicated on the idea that you’re so concerned about privacy and security that you use PGP to protect your passwords, but leave your PC totally unencrypted and not password protected for “the police” to just come in and take and discover metadata about your proclivities.

        It’s absurd to the n^th degree and how you don’t see that is astonishing.